Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61726 (GCVE-0-2025-61726)
Vulnerability from cvelistv5 – Published: 2026-01-28 19:30 – Updated: 2026-07-01 12:04| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/url |
Affected:
0 , < 1.24.12
(semver)
Affected: 1.25.0 , < 1.25.6 (semver) |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 10 |
cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10 |
|
| Red Hat | Red Hat Enterprise Linux Server (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.12 |
cpe:/a:redhat:openshift:4.12::el8 cpe:/a:redhat:openshift:4.12::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.13 |
cpe:/a:redhat:openshift:4.13::el8 cpe:/a:redhat:openshift:4.13::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.16 |
cpe:/a:redhat:openshift:4.16::el8 cpe:/a:redhat:openshift:4.16::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
cpe:/a:redhat:openshift:4.17::el8 cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
cpe:/a:redhat:openshift:4.18::el8 cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9 |
|
| Red Hat | Cryostat 4 on RHEL 9 |
cpe:/a:redhat:cryostat:4::el9 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 cpe:/a:redhat:openstack:17.1::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
cpe:/a:redhat:openshift:4.19::el8 cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 |
cpe:/a:redhat:satellite:6.18::el9 cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v. 8.2) |
cpe:/a:redhat:rhel_aus:8.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.4) |
cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) |
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.6) |
cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.8.6) |
cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream TUS (v.8.6) |
cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.8.8) |
cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream TUS (v.8.8) |
cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Cert Manager support for Red Hat OpenShift release 1.17 |
cpe:/a:redhat:cert_manager:1.17::el9 |
|
| Red Hat | Custom Metric Autoscaler 2.19 |
cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9 |
|
| Red Hat | DevWorkspace Operator 0.4 |
cpe:/a:redhat:devworkspace:0.40::el9 |
|
| Red Hat | HawtIO HawtIO 4.3.1 |
cpe:/a:redhat:apache_camel_hawtio:4.3::el9 |
|
| Red Hat | HawtIO HawtIO 4.4.0 |
cpe:/a:redhat:apache_camel_hawtio:4.4::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.0 |
cpe:/a:redhat:logging:6.0::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.2 |
cpe:/a:redhat:logging:6.2::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.3 |
cpe:/a:redhat:logging:6.3::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.4 |
cpe:/a:redhat:logging:6.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.4.5 |
cpe:/a:redhat:multicluster_globalhub:1.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.5.4 |
cpe:/a:redhat:multicluster_globalhub:1.5::el9 |
|
| Red Hat | Multicluster Global Hub 1.6.2 |
cpe:/a:redhat:multicluster_globalhub:1.6::el9 |
|
| Red Hat | Network Observability (NETOBSERV) 1.11.2 |
cpe:/a:redhat:network_observ_optr:1.11::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.4 |
cpe:/a:redhat:openshift_api_data_protection:1.4::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.5 |
cpe:/a:redhat:openshift_api_data_protection:1.5::el9 |
|
| Red Hat | OpenShift Compliance Operator 1 |
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | OpenShift Developer Tools and Services 1.6.2 |
cpe:/a:redhat:source_to_image:1.6::el8 |
|
| Red Hat | OpenShift File Integrity Operator - FIO 1 |
cpe:/a:redhat:openshift_file_integrity_operator:1::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.13 |
cpe:/a:redhat:acm:2.13::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.14 |
cpe:/a:redhat:acm:2.14::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.15 |
cpe:/a:redhat:acm:2.15::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.8 |
cpe:/a:redhat:advanced_cluster_security:4.8::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 |
cpe:/a:redhat:advanced_cluster_security:4.9::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Developer Hub 1.8 |
cpe:/a:redhat:rhdh:1.8::el9 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Lightspeed (formerly Insights) for Runtimes 1 |
cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9 |
|
| Red Hat | Red Hat OpenShift AI 2.16 |
cpe:/a:redhat:openshift_ai:2.16::el8 |
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift AI 3.3 |
cpe:/a:redhat:openshift_ai:3.3::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.6.5 |
cpe:/a:redhat:openshift_builds:1.6::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.20 |
cpe:/a:redhat:openshift:4.20::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces (RHOSDS) 3.26 |
cpe:/a:redhat:openshift_devspaces:3.26::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.27 |
cpe:/a:redhat:openshift_devspaces:3.27::el9 |
|
| Red Hat | Red Hat OpenShift GitOps 1.17 |
cpe:/a:redhat:openshift_gitops:1.17::el8 |
|
| Red Hat | Red Hat OpenShift GitOps 1.18 |
cpe:/a:redhat:openshift_gitops:1.18::el8 |
|
| Red Hat | Red Hat OpenShift GitOps 1.19 |
cpe:/a:redhat:openshift_gitops:1.19::el8 |
|
| Red Hat | Red Hat OpenShift Service Mesh 2.6 |
cpe:/a:redhat:service_mesh:2.6::el8 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.0 |
cpe:/a:redhat:service_mesh:3.0::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.1 |
cpe:/a:redhat:service_mesh:3.1::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.2 |
cpe:/a:redhat:service_mesh:3.2::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.9.3 |
cpe:/a:redhat:openshift_distributed_tracing:3.9::el9 |
|
| Red Hat | Red Hat OpenStack Services on OpenShift 18 |
cpe:/a:redhat:openstack:18.0::el9 |
|
| Red Hat | Red Hat Openshift Data Foundation 4.18 |
cpe:/a:redhat:openshift_data_foundation:4.18::el9 |
|
| Red Hat | Red Hat Openshift Data Foundation 4.19 |
cpe:/a:redhat:openshift_data_foundation:4.19::el9 |
|
| Red Hat | Red Hat Quay 3.10 |
cpe:/a:redhat:quay:3.10::el8 |
|
| Red Hat | Red Hat Quay 3.12 |
cpe:/a:redhat:quay:3.12::el8 |
|
| Red Hat | Red Hat Quay 3.14 |
cpe:/a:redhat:quay:3.14::el8 |
|
| Red Hat | Red Hat Quay 3.15 |
cpe:/a:redhat:quay:3.15::el8 |
|
| Red Hat | Red Hat Quay 3.16 |
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Quay 3.9 |
cpe:/a:redhat:quay:3.9::el8 |
|
| Red Hat | Red Hat Satellite 6.18 |
cpe:/a:redhat:satellite:6.18::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 |
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 |
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | Red Hat Web Terminal 1.13 |
cpe:/a:redhat:webterminal:1.13::el9 |
|
| Red Hat | Red Hat Web Terminal 1.14 |
cpe:/a:redhat:webterminal:1.14::el9 |
|
| Red Hat | Red Hat Web Terminal 1.15 |
cpe:/a:redhat:webterminal:1.15::el9 |
|
| Red Hat | Streams for Apache Kafka 3.2.0 |
cpe:/a:redhat:amq_streams:3.2::el9 |
|
| Red Hat | Zero Trust Workload Identity Manager 1 |
cpe:/a:redhat:zero_trust_workload_identity_manager:1.0::el9 |
|
| Red Hat | mirror registry for Red Hat OpenShift 2.0 |
cpe:/a:redhat:mirror_registry:2.0::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.10 |
cpe:/a:redhat:multicluster_engine:2.10::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.6 |
cpe:/a:redhat:multicluster_engine:2.6::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.7 |
cpe:/a:redhat:multicluster_engine:2.7::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.8 |
cpe:/a:redhat:multicluster_engine:2.8::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.9 |
cpe:/a:redhat:multicluster_engine:2.9::el9 |
|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 |
cpe:/a:redhat:assisted_installer:2 |
|
| Red Hat | cert-manager Operator for Red Hat OpenShift |
cpe:/a:redhat:cert_manager:1 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | Custom Metric Autoscaler operator for Red Hat Openshift |
cpe:/a:redhat:openshift_custom_metrics_autoscaler:2 |
|
| Red Hat | Deployment Validation Operator |
cpe:/a:redhat:deployment_validator_operator |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | ExternalDNS Operator |
cpe:/a:redhat:ext_dns_optr:1 |
|
| Red Hat | Fence Agents Remediation Operator |
cpe:/a:redhat:workload_availability_far:0 |
|
| Red Hat | File Integrity Operator |
cpe:/a:redhat:openshift_file_integrity_operator:1 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Logical Volume Manager Storage |
cpe:/a:redhat:lvms:4 |
|
| Red Hat | Machine Deletion Remediation Operator |
cpe:/a:redhat:workload_availability_mdr:0 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | mirror registry for Red Hat OpenShift |
cpe:/a:redhat:mirror_registry:1 |
|
| Red Hat | Multiarch Tuning Operator |
cpe:/a:redhat:multiarch_tuning_operator |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | Node Maintenance Operator |
cpe:/a:redhat:workload_availability_nmo:5 |
|
| Red Hat | OpenShift API for Data Protection |
cpe:/a:redhat:openshift_api_data_protection:1 |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | OpenShift Service Mesh 2 |
cpe:/a:redhat:service_mesh:2 |
|
| Red Hat | OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3 |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat AMQ Clients |
cpe:/a:redhat:amq_clients:2023 |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat Ceph Storage 5 |
cpe:/a:redhat:ceph_storage:5 |
|
| Red Hat | Red Hat Ceph Storage 6 |
cpe:/a:redhat:ceph_storage:6 |
|
| Red Hat | Red Hat Ceph Storage 7 |
cpe:/a:redhat:ceph_storage:7 |
|
| Red Hat | Red Hat Ceph Storage 8 |
cpe:/a:redhat:ceph_storage:8 |
|
| Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 |
cpe:/a:redhat:certifications:9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Edge Manager 1 |
cpe:/a:redhat:edge_manager:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Cluster Manager CLI |
cpe:/a:redhat:openshift_cluster_manager_cli:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3 |
cpe:/a:redhat:openshift_distributed_tracing:3 |
|
| Red Hat | Red Hat OpenShift for Windows Containers |
cpe:/a:redhat:windows_machine_config |
|
| Red Hat | Red Hat OpenShift on AWS |
cpe:/a:redhat:openshift_service_on_aws:1 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Red Hat Service Interconnect 1 |
cpe:/a:redhat:service_interconnect:1 |
|
| Red Hat | Red Hat Service Interconnect 2 |
cpe:/a:redhat:service_interconnect:2 |
|
| Red Hat | Zero Trust Workload Identity Manager - Tech Preview |
cpe:/a:redhat:zero_trust_workload_identity_manager:0 |
|
| Red Hat | Ironic content for Red Hat OpenShift Container Platform 4.17 |
cpe:/a:redhat:openshift_ironic:4.17::el9 |
|
| Red Hat | Ironic content for Red Hat OpenShift Container Platform 4.18 |
cpe:/a:redhat:openshift_ironic:4.18::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift |
cpe:/a:redhat:logging:5 |
|
| Red Hat | Power monitoring for Red Hat OpenShift |
cpe:/a:redhat:openshift_power_monitoring |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
|
| Red Hat | Zero Trust Workload Identity Manager |
cpe:/a:redhat:zero_trust_workload_identity_manager:1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T18:31:39.150633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T18:31:59.685Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8",
"cpe:/a:redhat:openshift:4.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.13::el8",
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el8",
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el8",
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el8",
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1",
"cpe:/a:redhat:openstack:17.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el8",
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9",
"cpe:/a:redhat:satellite_capsule:6.18::el9",
"cpe:/a:redhat:satellite_utils:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1.17::el9"
],
"defaultStatus": "affected",
"product": "Cert Manager support for Red Hat OpenShift release 1.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
],
"defaultStatus": "affected",
"product": "Custom Metric Autoscaler 2.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace:0.40::el9"
],
"defaultStatus": "affected",
"product": "DevWorkspace Operator 0.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.3::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.0::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.2::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.3::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.4::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.4.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.5::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.5.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.6::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:source_to_image:1.6::el8"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services 1.6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
],
"defaultStatus": "affected",
"product": "OpenShift File Integrity Operator - FIO 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.8::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.6.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.26::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.27::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.27",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.17::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.18::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.19::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Services on OpenShift 18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3.2::el9"
],
"defaultStatus": "affected",
"product": "Streams for Apache Kafka 3.2.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:2.0::el8"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift 2.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "affected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2"
],
"defaultStatus": "affected",
"product": "Custom Metric Autoscaler operator for Red Hat Openshift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ext_dns_optr:1"
],
"defaultStatus": "affected",
"product": "ExternalDNS Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1"
],
"defaultStatus": "affected",
"product": "File Integrity Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "affected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:1"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multiarch_tuning_operator"
],
"defaultStatus": "affected",
"product": "Multiarch Tuning Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nmo:5"
],
"defaultStatus": "affected",
"product": "Node Maintenance Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "affected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "affected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_clients:2023"
],
"defaultStatus": "affected",
"product": "Red Hat AMQ Clients",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:6"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:7"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:8"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "affected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "affected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ironic:4.17::el9"
],
"defaultStatus": "unaffected",
"product": "Ironic content for Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ironic:4.18::el9"
],
"defaultStatus": "unaffected",
"product": "Ironic content for Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "unaffected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "unaffected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "unaffected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
}
],
"datePublic": "2026-01-28T19:30:31.215Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:04:49.812Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"name": "RHBZ#2434432",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3958"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7676"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4460"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3959"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6278"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26527"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26541"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10096"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3416"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17595"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3875"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17446"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3186"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3391"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14868"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3843"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4166"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3813"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3831"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3816"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17084"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4256"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5852"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17040"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4907"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3970"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16696"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3506"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3699"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3297"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3864"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4164"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3669"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2706"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2914"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3035"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3092"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4174"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3752"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3336"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4892"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3971"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3343"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5146"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5145"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19013"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22937"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19132"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4672"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2708"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3985"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3188"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3187"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3898"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4952"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3841"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3973"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3879"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3815"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5461"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5030"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3489"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3972"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3880"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3812"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5031"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3974"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3838"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3821"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4753"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5022"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16102"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3932"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3473"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3822"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5533"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5079"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25252"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25251"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3931"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3472"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3836"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3820"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5327"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25248"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5076"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25253"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25250"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12030"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12032"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3930"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3835"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3818"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12033"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4267"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4211"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12028"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5078"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12031"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12029"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11749"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9109"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3929"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3814"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3193"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3833"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3817"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9108"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4264"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5544"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5077"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9097"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9098"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3298"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3341"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3928"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3668"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2709"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2920"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3040"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3839"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4177"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3753"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3337"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4901"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3291"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3340"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18913"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23228"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5645"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7942"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7052"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4500"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4939"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4498"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6429"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6428"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6251"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4170"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8433"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4270"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22627"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8229"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13548"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11408"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4466"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4467"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3960"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4220"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3782"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10184"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19712"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3713"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5549"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12282"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14100"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21691"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15091"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14774"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10104"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4510"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4511"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17598"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3905"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3906"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6554"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21657"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4434"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7249"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4435"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20041"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3855"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3856"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8431"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6564"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3869"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3884"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3559"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8483"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3556"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5129"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5131"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5130"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3427"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3459"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5394"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11747"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26420"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12279"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6497"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6567"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15984"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14879"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5447"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5452"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5439"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4276"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3296"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3184"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5444"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5649"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5463"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4943"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10250"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10225"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8337"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8167"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17460"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17463"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9848"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:5636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8218"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11414"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:3958: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:7676: Red Hat Enterprise Linux Server (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:4460: Red Hat Ansible Automation Platform 2.4 for RHEL 8, Red Hat Ansible Automation Platform 2.4 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:3959: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:6278: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:26527: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:26541: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:10096: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:3416: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:17595: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:3875: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:17446: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:3186: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
},
{
"lang": "en",
"value": "RHSA-2026:3391: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:5968: Red Hat Satellite 6.18 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:14868: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3843: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:4166: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3813: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3192: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3977: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3831: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3816: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:4256: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:5852: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:17040: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:4907: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3970: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:16696: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3506: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3699: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3297: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3864: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:4164: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3669: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:2706: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:2914: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3035: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3840: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3092: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:4174: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3752: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3336: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:4892: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3971: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:3343: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:5146: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:5145: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19013: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19132: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:4672: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:2708: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:3985: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:3188: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:3187: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:3898: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:4952: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:3468: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2026:3841: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2026:3470: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:3973: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:3879: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:3815: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:5461: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:5030: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3489: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3972: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3880: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3812: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:5853: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:5031: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3471: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:3974: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:3838: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:3821: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:4753: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:5022: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:16102: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3932: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3473: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3854: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:3822: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:5533: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:5079: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:25252: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25251: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:3931: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:3472: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:3836: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:3820: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:5327: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25248: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:5076: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25253: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25250: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:12030: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12032: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:3930: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:3469: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:3835: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:3818: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12033: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:4267: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:4211: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12028: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:5078: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12031: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:12029: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:11749: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9109: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3929: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3814: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3193: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3833: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3817: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9108: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:4264: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:5544: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:7854: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:5077: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9097: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9098: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:3298: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3341: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3928: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3668: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:2709: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:2920: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3040: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3839: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:4177: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3753: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3337: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:4901: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3291: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:3340: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:18913: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:5645: Cert Manager support for Red Hat OpenShift release 1.17"
},
{
"lang": "en",
"value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
},
{
"lang": "en",
"value": "RHSA-2026:5851: DevWorkspace Operator 0.4"
},
{
"lang": "en",
"value": "RHSA-2026:7942: HawtIO HawtIO 4.3.1"
},
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:7052: Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"lang": "en",
"value": "RHSA-2026:4500: Logging Subsystem for Red Hat OpenShift 6.2"
},
{
"lang": "en",
"value": "RHSA-2026:4939: Logging Subsystem for Red Hat OpenShift 6.3"
},
{
"lang": "en",
"value": "RHSA-2026:4498: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:6429: Multicluster Global Hub 1.4.5"
},
{
"lang": "en",
"value": "RHSA-2026:5110: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:6226: Multicluster Global Hub 1.6.2"
},
{
"lang": "en",
"value": "RHSA-2026:6428: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:6251: OpenShift API for Data Protection 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:4170: OpenShift API for Data Protection 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:8433: OpenShift Compliance Operator 1"
},
{
"lang": "en",
"value": "RHSA-2026:4270: OpenShift Developer Tools and Services 1.6.2"
},
{
"lang": "en",
"value": "RHSA-2026:22627: OpenShift File Integrity Operator - FIO 1"
},
{
"lang": "en",
"value": "RHSA-2026:8229: Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"lang": "en",
"value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"lang": "en",
"value": "RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:11408: Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"lang": "en",
"value": "RHSA-2026:4466: Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"lang": "en",
"value": "RHSA-2026:4467: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:3960: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:3089: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:7385: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:7291: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:4220: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
},
{
"lang": "en",
"value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:3782: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:10184: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:3713: Red Hat OpenShift AI 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:5549: Red Hat OpenShift Builds 1.6.5"
},
{
"lang": "en",
"value": "RHSA-2026:12282: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:14100: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:21691: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:10104: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:4510: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:4511: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:3905: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:3906: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:6554: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:21657: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:4434: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:7249: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:4435: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:3855: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:3856: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:8431: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:6564: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:2844: Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"lang": "en",
"value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:3869: Red Hat OpenShift GitOps 1.17"
},
{
"lang": "en",
"value": "RHSA-2026:3874: Red Hat OpenShift GitOps 1.18"
},
{
"lang": "en",
"value": "RHSA-2026:3884: Red Hat OpenShift GitOps 1.19"
},
{
"lang": "en",
"value": "RHSA-2026:3559: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:5132: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:3556: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:5948: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:5129: Red Hat OpenShift Service Mesh 3.0"
},
{
"lang": "en",
"value": "RHSA-2026:5950: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:5131: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:5952: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:5130: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:3427: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:3459: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:5394: Red Hat OpenStack Platform 17.1"
},
{
"lang": "en",
"value": "RHSA-2026:11747: Red Hat OpenStack Services on OpenShift 18"
},
{
"lang": "en",
"value": "RHSA-2026:26420: Red Hat Openshift Data Foundation 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:6184: Red Hat Openshift Data Foundation 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:12279: Red Hat Openshift Data Foundation 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:5665: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:4942: Red Hat Quay 3.12"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:6568: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:6497: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:2681: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:6567: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:5168: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:2754: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:15984: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:14879: Red Hat Satellite 6.18"
},
{
"lang": "en",
"value": "RHSA-2026:5447: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:5452: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:5439: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:4276: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:3296: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:3184: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:5444: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:5649: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:5463: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:4943: Red Hat Update Infrastructure 5"
},
{
"lang": "en",
"value": "RHSA-2026:10250: Red Hat Web Terminal 1.11"
},
{
"lang": "en",
"value": "RHSA-2026:10225: Red Hat Web Terminal 1.12"
},
{
"lang": "en",
"value": "RHSA-2026:8338: Red Hat Web Terminal 1.13"
},
{
"lang": "en",
"value": "RHSA-2026:8337: Red Hat Web Terminal 1.14"
},
{
"lang": "en",
"value": "RHSA-2026:8167: Red Hat Web Terminal 1.15"
},
{
"lang": "en",
"value": "RHSA-2026:13571: Streams for Apache Kafka 3.2.0"
},
{
"lang": "en",
"value": "RHSA-2026:17460: Zero Trust Workload Identity Manager 1"
},
{
"lang": "en",
"value": "RHSA-2026:17463: Zero Trust Workload Identity Manager 1"
},
{
"lang": "en",
"value": "RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0"
},
{
"lang": "en",
"value": "RHSA-2026:13542: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:9848: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:5636: multicluster engine for Kubernetes 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:8218: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:11414: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-28T20:01:42.791Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-28T19:30:31.215Z",
"value": "Made public."
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"workarounds": [
{
"lang": "en",
"value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/url",
"product": "net/url",
"programRoutines": [
{
"name": "parseQuery"
},
{
"name": "ParseQuery"
},
{
"name": "URL.Query"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.6",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "jub0bs"
}
],
"descriptions": [
{
"lang": "en",
"value": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T19:30:31.215Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/736712"
},
{
"url": "https://go.dev/issue/77101"
},
{
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"title": "Memory exhaustion in query parameter parsing in net/url"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-61726",
"datePublished": "2026-01-28T19:30:31.215Z",
"dateReserved": "2025-09-30T15:05:03.605Z",
"dateUpdated": "2026-07-01T12:04:49.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61726",
"date": "2026-07-01",
"epss": "0.01945",
"percentile": "0.77698"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61726\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-01-28T20:16:09.713\",\"lastModified\":\"2026-07-01T13:16:38.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.\"},{\"lang\":\"es\",\"value\":\"El paquete net/url no establece un l\u00edmite en el n\u00famero de par\u00e1metros de consulta en una consulta. Si bien el tama\u00f1o m\u00e1ximo de los par\u00e1metros de consulta en las URL generalmente est\u00e1 limitado por el tama\u00f1o m\u00e1ximo de la cabecera de solicitud, el m\u00e9todo net/http.Request.ParseForm puede analizar formularios grandes codificados en URL. Analizar un formulario grande que contiene muchos par\u00e1metros de consulta \u00fanicos puede causar un consumo excesivo de memoria.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"net/url\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"net/url\",\"programRoutines\":[{\"name\":\"parseQuery\"},{\"name\":\"ParseQuery\"},{\"name\":\"URL.Query\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.24.12\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.25.0\",\"lessThan\":\"1.25.6\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.4 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.4::el8\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.12::el8\",\"cpe:/a:redhat:openshift:4.12::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.13::el8\",\"cpe:/a:redhat:openshift:4.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.16::el8\",\"cpe:/a:redhat:openshift:4.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.17::el8\",\"cpe:/a:redhat:openshift:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.18::el8\",\"cpe:/a:redhat:openshift:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.4 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.4::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4 on RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\",\"cpe:/a:redhat:openstack:17.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.19::el8\",\"cpe:/a:redhat:openshift:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.18 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.18::el9\",\"cpe:/a:redhat:satellite_capsule:6.18::el9\",\"cpe:/a:redhat:satellite_utils:6.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v. 8.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cert Manager support for Red Hat OpenShift release 1.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Custom Metric Autoscaler 2.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"DevWorkspace Operator 0.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace:0.40::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"HawtIO HawtIO 4.3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"HawtIO HawtIO 4.4.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.4.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.5.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability (NETOBSERV) 1.11.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Compliance Operator 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services 1.6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:source_to_image:1.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift File Integrity Operator - FIO 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.8::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Lightspeed (formerly Insights) for Runtimes 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 2.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:2.16::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 2.25\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:2.25::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.6.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.20\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.26::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.27\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.27::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.17::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.18::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.19::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3.9.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Services on OpenShift 18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.12::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.14::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.15::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Update Infrastructure 5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhui:5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.12::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Streams for Apache Kafka 3.2.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift 2.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:2.0::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.10::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Custom Metric Autoscaler operator for Red Hat Openshift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Deployment Validation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:deployment_validator_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"ExternalDNS Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ext_dns_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Fence Agents Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_far:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"File Integrity Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Machine Deletion Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_mdr:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multiarch Tuning Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multiarch_tuning_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node Maintenance Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nmo:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AMQ Clients\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_clients:2023\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Ironic content for Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_ironic:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Ironic content for Red Hat OpenShift Container Platform 4.18\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_ironic:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:logging:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-01-29T18:31:39.150633Z\",\"id\":\"CVE-2025-61726\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.12\",\"matchCriteriaId\":\"21FD9368-8AB3-404B-8599-BBF64EFE3C7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.6\",\"matchCriteriaId\":\"A547E844-78D2-4B17-B7A9-73E7B503D2CE\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/736712\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/77101\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4341\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10096\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10104\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10184\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10225\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10250\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11408\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11414\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11747\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11749\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12028\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12029\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12030\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12031\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12032\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12033\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12279\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:12282\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13542\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13548\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14100\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14774\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14868\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14879\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15091\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15984\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16102\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16696\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17040\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17084\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17446\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17460\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17463\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17468\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17595\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17598\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18913\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19013\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19132\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19375\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19634\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19712\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20041\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21017\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21657\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21691\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22450\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22627\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22714\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22937\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23228\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23361\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24977\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25089\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25127\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25248\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25250\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25251\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25252\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25253\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26420\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26527\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26541\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26636\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2681\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2706\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2708\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2709\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2754\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28047\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2844\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28441\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2914\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2920\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3035\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3040\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3089\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3092\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3184\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3186\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3187\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3188\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3192\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3193\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3291\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3296\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3297\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3298\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3336\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3337\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3340\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3341\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3343\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3391\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3416\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3427\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3459\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3468\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3469\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3470\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3471\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3472\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3473\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3489\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3506\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3556\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3559\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3668\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3669\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3699\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3713\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3752\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3753\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3782\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3812\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3813\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3814\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3815\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3816\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3817\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3818\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3820\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3821\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3822\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3831\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3833\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3835\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3836\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3838\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3839\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3840\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3841\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3843\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3855\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3856\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3864\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3869\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3874\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3875\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3879\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3880\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3884\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3898\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3905\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3906\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3928\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3929\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3930\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3931\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3932\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3958\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3959\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3960\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3970\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3971\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3972\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3973\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3974\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3977\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3985\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4164\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4166\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4170\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4174\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4177\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4211\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4220\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4256\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4264\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4267\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4270\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4276\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4434\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4435\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4460\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4466\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4467\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4498\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4500\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4510\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4511\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4672\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4753\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4892\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4901\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4907\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4939\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4942\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4943\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4952\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5022\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5030\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5031\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5076\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5077\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5078\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5079\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5110\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5129\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5130\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5131\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5132\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5145\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5146\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5168\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5327\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5394\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5439\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5444\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5447\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5452\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5461\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5463\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5533\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5544\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5549\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5636\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5645\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5649\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5665\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5807\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5851\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5852\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5853\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5948\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5950\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5952\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:5968\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6184\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6192\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6226\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6251\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6277\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6278\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6428\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6429\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6497\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6554\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6564\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6567\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:6568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7052\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7249\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7291\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7385\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7676\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7942\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8151\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8167\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8218\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8229\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8337\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8338\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8431\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8433\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8483\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9097\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9098\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9108\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9109\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9848\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-61726\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2434432\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"golang: net/url: Memory exhaustion in query parameter parsing in net/url\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux Server (v. 7 ELS)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.4::el8\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.4 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.12::el8\", \"cpe:/a:redhat:openshift:4.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.13::el8\", \"cpe:/a:redhat:openshift:4.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.16::el8\", \"cpe:/a:redhat:openshift:4.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el8\", \"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el8\", \"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.4::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.4 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4 on RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\", \"cpe:/a:redhat:openstack:17.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el8\", \"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.18::el9\", \"cpe:/a:redhat:satellite_capsule:6.18::el9\", \"cpe:/a:redhat:satellite_utils:6.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.18 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\", \"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v. 8.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat CodeReady Linux Builder EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat CodeReady Linux Builder EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cert Manager support for Red Hat OpenShift release 1.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Custom Metric Autoscaler 2.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:devworkspace:0.40::el9\"], \"vendor\": \"Red Hat\", \"product\": \"DevWorkspace Operator 0.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:apache_camel_hawtio:4.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"HawtIO HawtIO 4.3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"HawtIO HawtIO 4.4.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.4.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.5.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.6.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability (NETOBSERV) 1.11.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection 1.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:source_to_image:1.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services 1.6.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift File Integrity Operator - FIO 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.8::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Lightspeed (formerly Insights) for Runtimes 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai:2.16::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI 2.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai:2.25::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI 2.25\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_builds:1.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Builds 1.6.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.20::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.20\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.26::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.27::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces 3.27\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1.17::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps 1.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1.18::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps 1.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1.19::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps 1.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.9.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Services on OpenShift 18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.12::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.15::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer 1.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhui:5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Update Infrastructure 5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Streams for Apache Kafka 3.2.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:2.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift 2.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.7::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:assisted_installer:2\"], \"vendor\": \"Red Hat\", \"product\": \"Assisted Installer for Red Hat OpenShift Container Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2\"], \"vendor\": \"Red Hat\", \"product\": \"Custom Metric Autoscaler operator for Red Hat Openshift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:deployment_validator_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Deployment Validation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ext_dns_optr:1\"], \"vendor\": \"Red Hat\", \"product\": \"ExternalDNS Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_far:0\"], \"vendor\": \"Red Hat\", \"product\": \"Fence Agents Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"File Integrity Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lvms:4\"], \"vendor\": \"Red Hat\", \"product\": \"Logical Volume Manager Storage\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_mdr:0\"], \"vendor\": \"Red Hat\", \"product\": \"Machine Deletion Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:1\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multiarch_tuning_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Multiarch Tuning Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nhc:0\"], \"vendor\": \"Red Hat\", \"product\": \"Node HealthCheck Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nmo:5\"], \"vendor\": \"Red Hat\", \"product\": \"Node Maintenance Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_lightspeed\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_clients:2023\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AMQ Clients\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:5\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification Program for Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:connectivity_link:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Connectivity Link 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Cluster Manager CLI\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:windows_machine_config\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift for Windows Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_service_on_aws:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift on AWS\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ironic:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Ironic content for Red Hat OpenShift Container Platform 4.17\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ironic:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Ironic content for Red Hat OpenShift Container Platform 4.18\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:5\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_power_monitoring\"], \"vendor\": \"Red Hat\", \"product\": \"Power monitoring for Red Hat OpenShift\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-01-28T20:01:42.791Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-01-28T19:30:31.215Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:3958: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7676: Red Hat Enterprise Linux Server (v. 7 ELS)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4460: Red Hat Ansible Automation Platform 2.4 for RHEL 8, Red Hat Ansible Automation Platform 2.4 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3959: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6278: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26527: Red Hat OpenShift Container Platform 4.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26541: Red Hat OpenShift Container Platform 4.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10096: Red Hat OpenShift Container Platform 4.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3416: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17595: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3875: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17446: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3186: Cryostat 4 on RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28047: Red Hat OpenStack Platform 17.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3391: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5968: Red Hat Satellite 6.18 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14868: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3843: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4166: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3813: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3192: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3977: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3831: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3816: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4256: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5852: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17040: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4907: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3970: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16696: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3506: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3699: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3297: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3864: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4164: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3669: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:2706: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:2914: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3035: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3840: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3092: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4174: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3752: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3336: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4892: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3971: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3343: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5146: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5145: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19013: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22937: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22450: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19132: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4672: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:2708: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3985: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3188: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3187: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3898: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4952: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3468: Red Hat Enterprise Linux AppStream AUS (v. 8.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3841: Red Hat Enterprise Linux AppStream AUS (v. 8.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3470: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3973: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3879: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3815: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5461: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5030: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3489: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3972: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3880: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3812: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5853: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5031: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3471: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3974: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3838: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3821: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4753: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5022: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16102: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3932: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3473: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3854: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3822: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5533: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5079: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25252: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25251: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3931: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3472: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3836: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3820: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5327: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25248: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5076: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25253: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25250: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12030: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12032: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3930: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3469: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3835: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3818: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12033: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4267: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4211: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12028: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5078: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12031: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12029: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11749: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9109: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3929: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3814: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3193: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3833: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3817: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9108: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4264: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5544: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7854: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5077: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9097: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9098: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3298: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3341: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3928: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3668: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:2709: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:2920: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3040: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3839: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4177: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3753: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3337: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4901: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3291: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3340: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:18913: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23228: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22714: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5645: Cert Manager support for Red Hat OpenShift release 1.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26636: Custom Metric Autoscaler 2.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5851: DevWorkspace Operator 0.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7942: HawtIO HawtIO 4.3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25089: HawtIO HawtIO 4.4.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7052: Logging Subsystem for Red Hat OpenShift 6.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4500: Logging Subsystem for Red Hat OpenShift 6.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4939: Logging Subsystem for Red Hat OpenShift 6.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4498: Logging Subsystem for Red Hat OpenShift 6.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6429: Multicluster Global Hub 1.4.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5110: Multicluster Global Hub 1.5.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6226: Multicluster Global Hub 1.6.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6428: Network Observability (NETOBSERV) 1.11.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6251: OpenShift API for Data Protection 1.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4170: OpenShift API for Data Protection 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8433: OpenShift Compliance Operator 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4270: OpenShift Developer Tools and Services 1.6.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22627: OpenShift File Integrity Operator - FIO 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8229: Red Hat Advanced Cluster Management for Kubernetes 2.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13548: Red Hat Advanced Cluster Management for Kubernetes 2.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8151: Red Hat Advanced Cluster Management for Kubernetes 2.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11408: Red Hat Advanced Cluster Management for Kubernetes 2.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4466: Red Hat Advanced Cluster Security for Kubernetes 4.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4467: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3960: Red Hat Ansible Automation Platform 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3089: Red Hat Developer Hub 1.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7385: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7291: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4220: Red Hat Lightspeed (formerly Insights) for Runtimes 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5807: Red Hat OpenShift AI 2.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3782: Red Hat OpenShift AI 2.25\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10184: Red Hat OpenShift AI 2.25\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24977: Red Hat OpenShift AI 2.25\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19712: Red Hat OpenShift AI 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3713: Red Hat OpenShift AI 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5549: Red Hat OpenShift Builds 1.6.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12282: Red Hat OpenShift Container Platform 4.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14100: Red Hat OpenShift Container Platform 4.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21691: Red Hat OpenShift Container Platform 4.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10104: Red Hat OpenShift Container Platform 4.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4510: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4511: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3905: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3906: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6554: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21657: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4434: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7249: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4435: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3855: Red Hat OpenShift Container Platform 4.20\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3856: Red Hat OpenShift Container Platform 4.20\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8431: Red Hat OpenShift Container Platform 4.20\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6564: Red Hat OpenShift Container Platform 4.20\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:2844: Red Hat OpenShift Dev Spaces (RHOSDS) 3.26\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3869: Red Hat OpenShift GitOps 1.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3874: Red Hat OpenShift GitOps 1.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3884: Red Hat OpenShift GitOps 1.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3559: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8483: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5132: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3556: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5948: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5129: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5950: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5131: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5952: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5130: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3427: Red Hat OpenShift distributed tracing 3.9.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3459: Red Hat OpenShift distributed tracing 3.9.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5394: Red Hat OpenStack Platform 17.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11747: Red Hat OpenStack Services on OpenShift 18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26420: Red Hat Openshift Data Foundation 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6184: Red Hat Openshift Data Foundation 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:12279: Red Hat Openshift Data Foundation 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4942: Red Hat Quay 3.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21017: Red Hat Quay 3.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6568: Red Hat Quay 3.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6497: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19375: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:2681: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:6567: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5665: Red Hat Quay 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23361: Red Hat Quay 3.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5168: Red Hat Quay 3.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:2754: Red Hat Quay 3.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15984: Red Hat Satellite 6.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14879: Red Hat Satellite 6.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5447: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5452: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5439: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4276: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3296: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:3184: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5444: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5649: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5463: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:4943: Red Hat Update Infrastructure 5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10250: Red Hat Web Terminal 1.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10225: Red Hat Web Terminal 1.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8338: Red Hat Web Terminal 1.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8337: Red Hat Web Terminal 1.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8167: Red Hat Web Terminal 1.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13571: Streams for Apache Kafka 3.2.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17460: Zero Trust Workload Identity Manager 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17463: Zero Trust Workload Identity Manager 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13542: multicluster engine for Kubernetes 2.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9848: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:5636: multicluster engine for Kubernetes 2.7\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8218: multicluster engine for Kubernetes 2.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11414: multicluster engine for Kubernetes 2.9\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-01-28T19:30:31.215Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-61726\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2434432\", \"name\": \"RHBZ#2434432\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61726.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3958\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7676\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4460\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3959\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6278\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26527\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26541\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10096\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3416\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17595\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3875\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17446\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6277\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3186\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28047\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3391\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5968\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14868\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3843\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4166\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3813\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3192\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3977\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3831\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3816\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17084\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4256\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5852\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17040\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4907\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3970\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16696\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3506\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3699\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3297\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3864\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4164\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3669\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2706\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2914\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3035\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3840\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3092\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4174\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3752\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3336\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4892\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3971\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3343\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5146\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5145\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19013\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22937\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22450\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19132\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4672\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2708\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3985\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3188\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3187\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3898\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4952\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3468\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3841\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3470\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3973\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3879\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3815\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5461\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5030\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3489\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3972\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3880\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3812\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5853\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5031\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3471\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3974\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3838\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3821\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4753\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5022\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16102\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3932\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3473\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3854\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3822\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5533\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5079\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25252\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25251\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3931\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3472\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3836\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3820\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5327\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25248\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5076\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25253\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25250\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12030\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12032\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3930\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3469\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3835\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3818\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12033\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4267\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4211\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12028\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5078\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12031\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12029\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11749\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9109\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3929\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3814\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3193\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3833\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3817\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9108\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4264\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5544\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7854\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5077\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9097\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9098\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3298\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3341\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3928\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3668\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2920\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3040\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3839\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4177\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3753\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3337\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4901\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3291\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3340\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:18913\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23228\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22714\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5645\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26636\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5851\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7942\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25089\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7052\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4500\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4939\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4498\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6429\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5110\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6226\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6428\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6251\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4170\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8433\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4270\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22627\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8229\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25127\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13548\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8151\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11408\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4466\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4467\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3960\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3089\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7385\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7291\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4220\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5807\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3782\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10184\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24977\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19712\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3713\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5549\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12282\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14100\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21691\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15091\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14774\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10104\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4510\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4511\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17598\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3905\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3906\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6554\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21657\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4434\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7249\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4435\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20041\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3855\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3856\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8431\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17468\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6564\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2844\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6192\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3869\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3874\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3884\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3559\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8483\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5132\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3556\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5948\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5129\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5950\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5131\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5952\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5130\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3427\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3459\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5394\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11747\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26420\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6184\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:12279\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4942\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21017\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6568\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6497\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19375\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2681\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:6567\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5665\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23361\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5168\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2754\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15984\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14879\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5447\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5452\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5439\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4276\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3296\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:3184\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5444\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5649\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5463\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:4943\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10250\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10225\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8338\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8337\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8167\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17460\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17463\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28441\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13542\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9848\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:5636\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8218\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11414\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T12:06:15.501Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61726\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-29T18:31:39.150633Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T18:31:55.540Z\"}}], \"cna\": {\"title\": \"Memory exhaustion in query parameter parsing in net/url\", \"credits\": [{\"lang\": \"en\", \"value\": \"jub0bs\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"net/url\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.6\", \"versionType\": \"semver\"}], \"packageName\": \"net/url\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parseQuery\"}, {\"name\": \"ParseQuery\"}, {\"name\": \"URL.Query\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/736712\"}, {\"url\": \"https://go.dev/issue/77101\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4341\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-01-28T19:30:31.215Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61726\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T12:06:15.501Z\", \"dateReserved\": \"2025-09-30T15:05:03.605Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-01-28T19:30:31.215Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:5807
Vulnerability from csaf_redhat - Published: 2026-03-25 12:32 - Updated: 2026-07-01 14:49A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
A path traversal flaw has been discovered in the keras Python library. when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A path traversal flaw has been discovered in Keras. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
A path traversal and arbitrary file overwrite vulnerability has been identified in Argo Workflows during the extraction of archived artifacts, where symbolic links inside a crafted archive are not safely validated before file extraction. An attacker could exploit this flaw by submitting a malicious archive containing symbolic links that point outside the intended extraction directory, causing files to be written or overwritten in unintended locations within the workflow pod. Successful exploitation may allow an attacker to overwrite execution control files and achieve arbitrary command execution during pod startup.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a "decompression bomb," during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici's ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client's Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
A denial of service flaw has been discovered in the flatted npm library. flatted's parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.16.4 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5807",
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-25621",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12060",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12638",
"url": "https://access.redhat.com/security/cve/CVE-2025-12638"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6193",
"url": "https://access.redhat.com/security/cve/CVE-2025-6193"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66626",
"url": "https://access.redhat.com/security/cve/CVE-2025-66626"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1526",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1528",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2229",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25223",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32141",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5807.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.16.4 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2026-07-01T14:49:18+00:00",
"generator": {
"date": "2026-07-01T14:49:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5807",
"initial_release_date": "2026-03-25T12:32:51+00:00",
"revision_history": [
{
"date": "2026-03-25T12:32:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-25T12:33:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:49:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.16",
"product": {
"name": "Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.16::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3Ab68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282100"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Afd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3A4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774288148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3A64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282078"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3Ab26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282134"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3Af38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282087"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3Ac46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282268"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3A0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282328"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3Ab82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282159"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3A87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774283932"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Aace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282095"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3Aa880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774286327"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel8@sha256%3A14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282092"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3Aa291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774283191"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3Aae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3Aabdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282058"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3Aaa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282170"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3A9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774296584"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3A2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774293140"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel8@sha256%3A6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3A297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774285579"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=1774282073"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2025-11-06T19:01:04.402278+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2413190"
}
],
"notes": [
{
"category": "description",
"text": "A local privilege escalation vulnerability has been discovered in containerd. This vulnerability is the result of an overly broad default permission which allows local users on the host to potentially access the metadata store, the content store and the contents of Kubernetes local volumes. The contents of volumes might include setuid binaries, which could allow a local user on the host to elevate privileges on the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd local privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-25621"
},
{
"category": "external",
"summary": "RHBZ#2413190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25621"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/blob/main/docs/rootless.md",
"url": "https://github.com/containerd/containerd/blob/main/docs/rootless.md"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5",
"url": "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w"
}
],
"release_date": "2025-11-06T18:36:21.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "The system administrator on the host can manually chmod the directories to not\nhave group or world accessible permissions:\n```\nchmod 700 /var/lib/containerd\nchmod 700 /run/containerd/io.containerd.grpc.v1.cri\nchmod 700 /run/containerd/io.containerd.sandbox.controller.v1.shim\n```\nAn alternative mitigation would be to run containerd in rootless mode.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd local privilege escalation"
},
{
"cve": "CVE-2025-6193",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-06-20T14:05:07.010000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374032"
}
],
"notes": [
{
"category": "description",
"text": "A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod\u0027s terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "trustyai-explainability: command injection via LMEvalJob CR",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6193"
},
{
"category": "external",
"summary": "RHBZ#2374032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374032"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6193"
},
{
"category": "external",
"summary": "https://github.com/trustyai-explainability/trustyai-service-operator/pull/504",
"url": "https://github.com/trustyai-explainability/trustyai-service-operator/pull/504"
}
],
"release_date": "2025-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "trustyai-explainability: command injection via LMEvalJob CR"
},
{
"cve": "CVE-2025-12060",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-10-30T18:01:32.193676+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407443"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the keras Python library. when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python\u0027s tarfile.extractall function without the filter=\"data\" feature. A remote attacker can craft a malicious tar archive containing special symlinks, which, when extracted, allows them to write arbitrary files to any location on the filesystem outside of the intended destination folder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Keras Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12060"
},
{
"category": "external",
"summary": "RHBZ#2407443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12060"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/pull/21760",
"url": "https://github.com/keras-team/keras/pull/21760"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9",
"url": "https://github.com/keras-team/keras/security/advisories/GHSA-hjqc-jx6g-rwp9"
}
],
"release_date": "2025-10-30T17:10:43.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Keras Path Traversal Vulnerability"
},
{
"cve": "CVE-2025-12638",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-11-28T15:01:10.693633+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417711"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in Keras. The vulnerability arises because the function uses Python\u0027s tarfile.extractall() method without the security-critical filter=\u0027data\u0027 parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keras: Path Traversal Vulnerability in keras",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12638"
},
{
"category": "external",
"summary": "RHBZ#2417711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12638"
},
{
"category": "external",
"summary": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951",
"url": "https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4",
"url": "https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4"
}
],
"release_date": "2025-11-28T14:06:02.069000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keras: Path Traversal Vulnerability in keras"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66626",
"cwe": {
"id": "CWE-73",
"name": "External Control of File Name or Path"
},
"discovery_date": "2025-12-09T21:01:10.560389+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420818"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal and arbitrary file overwrite vulnerability has been identified in Argo Workflows during the extraction of archived artifacts, where symbolic links inside a crafted archive are not safely validated before file extraction. An attacker could exploit this flaw by submitting a malicious archive containing symbolic links that point outside the intended extraction directory, causing files to be written or overwritten in unintended locations within the workflow pod. Successful exploitation may allow an attacker to overwrite execution control files and achieve arbitrary command execution during pod startup.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/argoproj/argo-workflows: argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as High severity (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H, 8.3) because an attacker with basic workflow submission privileges can supply a specially crafted archive that is automatically extracted without proper validation. The attack complexity is low and does not require user interaction once the malicious workflow is submitted. Successful exploitation allows arbitrary file overwrite within the affected pod, including critical execution files, which can result in code execution at pod startup. While the impact is generally limited to the compromised pod and does not directly lead to host-level compromise, the integrity and availability impacts within the container are significant, justifying a High severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66626"
},
{
"category": "external",
"summary": "RHBZ#2420818",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420818"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66626",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66626"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66626",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66626"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-p84v-gxvw-73pf",
"url": "https://github.com/advisories/GHSA-p84v-gxvw-73pf"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037",
"url": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1",
"url": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1"
},
{
"category": "external",
"summary": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh",
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh"
}
],
"release_date": "2025-12-09T20:19:14.680000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/argoproj/argo-workflows: argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links"
},
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1526",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T21:01:25.538271+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447142"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker can exploit this vulnerability by sending a specially crafted compressed frame, known as a \"decompression bomb,\" during permessage-deflate decompression. The undici WebSocket client does not properly limit the size of decompressed data, leading to unbounded memory consumption. This can cause the Node.js process to exhaust available memory, resulting in a denial of service (DoS) where the process crashes or becomes unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1526"
},
{
"category": "external",
"summary": "RHBZ#2447142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1526"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-vrm6-8vpv-qv8q"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3481206",
"url": "https://hackerone.com/reports/3481206"
}
],
"release_date": "2026-03-12T20:08:05.950000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression"
},
{
"cve": "CVE-2026-1528",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:36.954017+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447145"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1528"
},
{
"category": "external",
"summary": "RHBZ#2447145",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3537648",
"url": "https://hackerone.com/reports/3537648"
}
],
"release_date": "2026-03-12T20:21:57.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: undici: Denial of Service via crafted WebSocket frame with large length"
},
{
"cve": "CVE-2026-2229",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-12T21:01:29.187989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447143"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici WebSocket client. A remote malicious server can exploit this vulnerability by sending a WebSocket frame with an invalid `server_max_window_bits` parameter within the permessage-deflate extension. This improper validation causes the client\u0027s Node.js process to terminate, leading to a denial-of-service (DoS) condition for the client.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2229"
},
{
"category": "external",
"summary": "RHBZ#2447143",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447143"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2229"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc7692",
"url": "https://datatracker.ietf.org/doc/html/rfc7692"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3487486",
"url": "https://hackerone.com/reports/3487486"
},
{
"category": "external",
"summary": "https://nodejs.org/api/zlib.html#class-zlibinflateraw",
"url": "https://nodejs.org/api/zlib.html#class-zlibinflateraw"
}
],
"release_date": "2026-03-12T20:27:05.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter"
},
{
"cve": "CVE-2026-25223",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-02-03T22:01:19.884891+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436560"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Fastify, a Node.js web framework, allows remote attackers to bypass request body validation by manipulating the Content-Type header. This can lead to unexpected data processing and integrity issues in applications. Red Hat products such as Red Hat Enterprise Linux AI, Red Hat OpenShift AI, and Red Hat OpenShift Dev Spaces are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "RHBZ#2436560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436560"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization",
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821",
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq",
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3464114",
"url": "https://hackerone.com/reports/3464114"
}
],
"release_date": "2026-02-03T21:21:40.268000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32141",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-12T19:01:30.987208+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447083"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the flatted npm library. flatted\u0027s parse() function uses a recursive revive() phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow that crashes the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "flatted: flatted: Unbounded recursion DoS in parse() revive phase",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32141"
},
{
"category": "external",
"summary": "RHBZ#2447083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32141"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606",
"url": "https://github.com/WebReflection/flatted/commit/7eb65d857e1a40de11c47461cdbc8541449f0606"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/pull/88",
"url": "https://github.com/WebReflection/flatted/pull/88"
},
{
"category": "external",
"summary": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f",
"url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f"
}
],
"release_date": "2026-03-12T18:08:09.634000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T12:32:51+00:00",
"details": "For Red Hat OpenShift AI 2.16.4 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5807"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:b68b73951beeabe942be43f65e778ff98e1cdfc6fdb4b052794f0cd4b191b819_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:fd02f0f70e38c947cdc307be3d9660f87262d92c5a361fa1bf68f24a72c91476_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:4e77720ec7972239d2b5198afc01ebd5dd777a1f75c2d19dbfeeb44f7adf729c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:64b60a2fcfb9806422127db0a7c42f665fa41f47cbe8fe2b98c6bc20b6a1bf28_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:b26f5118ae8e7e25783233698fe0d5df1e56cde8d75f745204d9f78c4d838412_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:9855fe0311c11b91fa38d205a65c0ad41b9447267408b3e7eb8f9b4c1d727acf_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:f38932929d45522b0cfd9e2dd87682a3495688aad859b3a8dac51398860e0e95_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:c46e2392d44830fc612d1dc41ed953352dadcef696bc50a848d2cc5de694e1ca_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:0a30729330611926e635ec292bac2f5b7ce9f677aaff7f84b23549b2bbbd506d_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:b82bbdac9d911544af8bc55ce7e688610be23cf6c31676af30fea76e3613d125_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:9cfe909d46447d1dad8fd6a2319873d43b680b260d31f009eb086e22ad706f16_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:87129d071d526f8e4fe597f23ea169bf3920e0d52b7a7698e8c5685ef84b8f4a_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:07d85d51bfd8caddf447d7ea8c9b0c30879c03d8c3b9110cb86fc54e63ff0b48_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ace145ce198785d2b587c4206d915f3c0e0ebe0b051cdd16ccc82cbc74e11352_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:a880b9fd06cd7206e3397025371ba3a3655798be5d64bed620f3847ff6a0b5ac_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:8b7e95c316a28938a37b885d3e5c0503728add4b75066f3953430e5385dcacf5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:14245353d924e3416f1b637ba1fec18a3218d9402965ff0acdfd2497e294f9ae_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:abdb41f0a3c3f60094b48b2b69545968292446e3a609c42fdb51f27b4ef7ae81_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:a291cd5f04c559fd16477ae2ad364a350c4bf0c5a3f5aa2e614260fd4a5bece2_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:ae2514c29fedec9401a594ca3fe5e7ca132d23f2f2a1966b5f6cc7bb8b99d75b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:aa551353c01d864361785cded067ec32e5bb3e478964aa540749b6a23f93b4db_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:9407349c0fbf8d8be227d61d21e4ca9cc2d640c18ca040dfd94c33f0b1250f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:2e62a8a86b30347004012213f9af230d957cbb3f96771aa68490be6a3e22d949_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:6617c8beeb481dd39ae877b08361a377bc946fdf97787445bbec5bb3a0a0be1c_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:297d22ca72b764328f7d0b85f7f7c013c91ca85d70f08be45a6689c85da6b311_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:92571ea118c1b28b480cd40c1006e8d057e959cd2fd8e01f300926ccadd46fc7_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "flatted: flatted: Unbounded recursion DoS in parse() revive phase"
}
]
}
RHSA-2026:5851
Vulnerability from csaf_redhat - Published: 2026-03-25 23:56 - Updated: 2026-07-01 14:12A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 | — |
Workaround
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 | — | ||
| Unresolved product id: DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "DevWorkspace Operator 0.40.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The DevWorkspace Operator extends OpenShift to provide DevWorkspace support.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5851",
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/CRW-10575",
"url": "https://redhat.atlassian.net/browse/CRW-10575"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5851.json"
}
],
"title": "Red Hat Security Advisory: DevWorkspace Operator 0.40.0 release.",
"tracking": {
"current_release_date": "2026-07-01T14:12:26+00:00",
"generator": {
"date": "2026-07-01T14:12:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5851",
"initial_release_date": "2026-03-25T23:56:41+00:00",
"revision_history": [
{
"date": "2026-03-25T23:56:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-25T23:56:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "DevWorkspace Operator 0.4",
"product": {
"name": "DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:devworkspace:0.40::el9"
}
}
}
],
"category": "product_family",
"name": "DevWorkspace Operator"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-operator-bundle@sha256%3Ab22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773959130"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773527262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30?arch=amd64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953548"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3Aab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773527262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53?arch=s390x\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953548"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3Ade7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773527262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3Abf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50?arch=ppc64le\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953548"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-rhel9-operator@sha256%3A783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953459"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-backup-rhel9@sha256%3A812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773527262"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"product": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"product_id": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devworkspace-project-clone-rhel9@sha256%3A955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514?arch=arm64\u0026repository_url=registry.redhat.io/devworkspace\u0026tag=1773953548"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64 as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le as a component of DevWorkspace Operator 0.4",
"product_id": "DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
},
"product_reference": "registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le",
"relates_to_product_reference": "DevWorkspace Operator 0.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T23:56:41+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T23:56:41+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T23:56:41+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"known_not_affected": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-25T23:56:41+00:00",
"details": "To start using the DevWorkspace Operator, install the DevWorkspace Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5851"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-operator-bundle@sha256:b22a283fc83e7b6d99cd35afd6c8b066026fb8699a7d48a64eceea1f7a4262c5_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:0d1a98bd35453d85403050bf2d5a60399048bef2d9a01b44438da3fc991cdddc_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:662efae63c52da171bef532813311884c14d24dfe561ed338298965d1b49e1ea_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:812e9962c2b538d56054b0373df679f02e92f47457049a5acda883d047816464_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-backup-rhel9@sha256:ab53d75e3c7adb9f71d5c3e69158bee347767f4935dcea57af1a55528c4b6e4f_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:11c561bf7aac3f3ac3adfbc437a3f56ef7fdf494f02c161bde982156b36d8b30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:16c8a2101e6d1cb0db4834d42fe8b9bfa24e70dd2c03691cd5e5e6d7c2d1de53_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:955b69b44e7678aa7cac4d88f3142a2e4c44fe586ecf521034ebae40539e8514_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9@sha256:bf5514d940f858292f98853f4a939d8e89977f0bc72b5be34304bfb60b52ee50_ppc64le",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:030160d105ab2fd0f9815527f1b37055c4f734bee9f37f7ea923a506f8e39c30_amd64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:783ba2b9c36eabf2d04c30be1fd025502dacfd9138e9650c1d91dc7670c50faf_arm64",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:90826bb4d26aa81609923bf06310f98ffcc01754bf21d6b78123b1e1dff39645_s390x",
"DevWorkspace Operator 0.4:registry.redhat.io/devworkspace/devworkspace-rhel9-operator@sha256:de7e7e42e24111905f25990ed89adfbaee8b4467b9889142dff6091f4719da44_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:5852
Vulnerability from csaf_redhat - Published: 2026-03-26 00:58 - Updated: 2026-07-01 14:12A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5852",
"url": "https://access.redhat.com/errata/RHSA-2026:5852"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5852.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-07-01T14:12:26+00:00",
"generator": {
"date": "2026-07-01T14:12:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5852",
"initial_release_date": "2026-03-26T00:58:34+00:00",
"revision_history": [
{
"date": "2026-03-26T00:58:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T00:58:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.src",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.src",
"product_id": "osbuild-composer-0:134.1-5.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-5.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-5.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-5.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-5.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-core-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-5.el10_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-5.el10_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@134.1-5.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@134.1-5.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-core-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T00:58:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5852"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T00:58:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5852"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.src",
"AppStream-10.0.Z.E2S:osbuild-composer-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-core-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-debugsource-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-tests-debuginfo-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-0:134.1-5.el10_0.x86_64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.aarch64",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.s390x",
"AppStream-10.0.Z.E2S:osbuild-composer-worker-debuginfo-0:134.1-5.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5853
Vulnerability from csaf_redhat - Published: 2026-03-26 01:05 - Updated: 2026-07-01 14:12A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for osbuild-composer is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5853",
"url": "https://access.redhat.com/errata/RHSA-2026:5853"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5853.json"
}
],
"title": "Red Hat Security Advisory: osbuild-composer security update",
"tracking": {
"current_release_date": "2026-07-01T14:12:26+00:00",
"generator": {
"date": "2026-07-01T14:12:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5853",
"initial_release_date": "2026-03-26T01:05:19+00:00",
"revision_history": [
{
"date": "2026-03-26T01:05:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T01:05:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.src",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.src",
"product_id": "osbuild-composer-0:46.3-6.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@46.3-6.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"product_id": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@46.3-6.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@46.3-6.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"product_id": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@46.3-6.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@46.3-6.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_id": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@46.3-6.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "osbuild-composer-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-core-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-dnf-json@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debugsource@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-core-debuginfo@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-debuginfo@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-tests-debuginfo@46.3-6.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"product": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"product_id": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/osbuild-composer-worker-debuginfo@46.3-6.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
},
"product_reference": "osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T01:05:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5853"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T01:05:19+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5853"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.AUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.E4S:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.src",
"AppStream-8.6.0.Z.TUS:osbuild-composer-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-core-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-debugsource-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-dnf-json-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-tests-debuginfo-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-0:46.3-6.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:osbuild-composer-worker-debuginfo-0:46.3-6.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:5948
Vulnerability from csaf_redhat - Published: 2026-03-26 14:31 - Updated: 2026-07-01 14:12A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64 | — |
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64 | — |
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64 | — |
A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.9\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.9, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-cni-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-pilot-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-proxyv2-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-rhel9-operator: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-cni-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-pilot-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-proxyv2-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-rhel9-operator: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-cni-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-pilot-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-proxyv2-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-rhel9-operator: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-cni-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-pilot-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-proxyv2-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-rhel9-operator: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-cni-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-proxyv2-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)\n\n* istio-proxyv2-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5948",
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31837",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61728",
"url": "https://access.redhat.com/security/cve/cve-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61731",
"url": "https://access.redhat.com/security/cve/cve-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61732",
"url": "https://access.redhat.com/security/cve/cve-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-31837",
"url": "https://access.redhat.com/security/cve/cve-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5948.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.9",
"tracking": {
"current_release_date": "2026-07-01T14:12:40+00:00",
"generator": {
"date": "2026-07-01T14:12:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5948",
"initial_release_date": "2026-03-26T14:31:40+00:00",
"revision_history": [
{
"date": "2026-03-26T14:31:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T14:31:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774302863"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Adcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774214116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774018912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Af9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774006090"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774068855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aefdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1774019474"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774214116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774018912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774006090"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aefc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774068855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ab1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1774019474"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774214116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Acf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774018912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Afe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774006090"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774068855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ada9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1774019474"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774214116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774018912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774006090"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774068855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aaaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1774019474"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-31837",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"discovery_date": "2026-03-10T23:02:58.238399+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "RHBZ#2446344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c",
"url": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c"
}
],
"release_date": "2026-03-10T21:57:44.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability"
}
]
}
RHSA-2026:5950
Vulnerability from csaf_redhat - Published: 2026-03-26 14:51 - Updated: 2026-07-01 14:12A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64 | — |
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64 | — |
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64 | — |
A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.1.6\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.1.6, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n \nFixes/Improvements:\n\n* Multiple InferencePools on same Gateway - ext_proc lost for all but first (OSSM-12585)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-cni-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-pilot-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-proxyv2-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-rhel9-operator: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-cni-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-pilot-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-proxyv2-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-rhel9-operator: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-cni-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-pilot-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-proxyv2-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-rhel9-operator: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-cni-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-pilot-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-proxyv2-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-rhel9-operator: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-cni-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-proxyv2-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)\n\n* istio-proxyv2-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5950",
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31837",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61728",
"url": "https://access.redhat.com/security/cve/cve-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61731",
"url": "https://access.redhat.com/security/cve/cve-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61732",
"url": "https://access.redhat.com/security/cve/cve-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-31837",
"url": "https://access.redhat.com/security/cve/cve-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5950.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6",
"tracking": {
"current_release_date": "2026-07-01T14:12:41+00:00",
"generator": {
"date": "2026-07-01T14:12:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5950",
"initial_release_date": "2026-03-26T14:51:43+00:00",
"revision_history": [
{
"date": "2026-03-26T14:51:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T14:51:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774299519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037349"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037182"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aa75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774293851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774244136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Af24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1774215103"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037349"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037182"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774293851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Af19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ac77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774244136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1774215103"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037349"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037182"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774293851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ad68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774244136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ae3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1774215103"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ae997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037349"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037182"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774293851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ac8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774244136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1774215103"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-31837",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"discovery_date": "2026-03-10T23:02:58.238399+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "RHBZ#2446344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c",
"url": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c"
}
],
"release_date": "2026-03-10T21:57:44.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability"
}
]
}
RHSA-2026:5952
Vulnerability from csaf_redhat - Published: 2026-03-26 15:03 - Updated: 2026-07-01 14:12A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64 | — |
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64 | — |
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64 | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64 | — |
A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.2.3\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.2.3, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* Updated to Istio version 1.27.8\n\n* Multiple InferencePools on same Gateway - ext_proc lost for all but first (OSSM-12585)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-cni-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-pilot-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-proxyv2-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-rhel9-operator: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-cni-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-pilot-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-proxyv2-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-rhel9-operator: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-cni-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-pilot-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-proxyv2-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-rhel9-operator: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-cni-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-pilot-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-proxyv2-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-rhel9-operator: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-cni-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-proxyv2-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)\n\n* istio-proxyv2-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5952",
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31837",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61728",
"url": "https://access.redhat.com/security/cve/cve-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61731",
"url": "https://access.redhat.com/security/cve/cve-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61732",
"url": "https://access.redhat.com/security/cve/cve-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-31837",
"url": "https://access.redhat.com/security/cve/cve-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5952.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.3",
"tracking": {
"current_release_date": "2026-07-01T14:12:42+00:00",
"generator": {
"date": "2026-07-01T14:12:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5952",
"initial_release_date": "2026-03-26T15:03:15+00:00",
"revision_history": [
{
"date": "2026-03-26T15:03:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T15:03:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774299791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774024187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Adae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206464"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774114903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774207172"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774024187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206464"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774114903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774207172"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774024187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ab8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206464"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774114903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774207172"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774024187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aeba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206464"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774114903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774207172"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-31837",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"discovery_date": "2026-03-10T23:02:58.238399+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "RHBZ#2446344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c",
"url": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c"
}
],
"release_date": "2026-03-10T21:57:44.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability"
}
]
}
RHSA-2026:5968
Vulnerability from csaf_redhat - Published: 2026-03-26 19:47 - Updated: 2026-07-01 14:12A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — | ||
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 | — |
Workaround
|
A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 | — |
Workaround
|
A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 | — |
Workaround
|
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src | — |
Workaround
|
|
| Unresolved product id: 9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new release is now available for Red Hat Satellite 6.18 for RHEL 9.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations\nto configure and maintain their systems without the necessity to provide\npublic Internet access to their servers or other client systems. It\nperforms provisioning and configuration management of predefined standard\noperating environments.\n\nSecurity Fix(es):\n\n* yggdrasil-worker-forwarder: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n* yggdrasil-worker-forwarder: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n* yggdrasil-worker-forwarder: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n* rubygem-rubyipmi: Remote Code Execution in rubyipmi via malicious BMC username (CVE-2026-0980)\n* rubygem-foreman_kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification (CVE-2026-1531)\n* foreman: Foreman: Remote Code Execution via command injection in WebSocket proxy (CVE-2026-1961)\n* rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection (CVE-2026-4324)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5968",
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "SAT-41530",
"url": "https://issues.redhat.com/browse/SAT-41530"
},
{
"category": "external",
"summary": "SAT-42707",
"url": "https://issues.redhat.com/browse/SAT-42707"
},
{
"category": "external",
"summary": "SAT-42708",
"url": "https://issues.redhat.com/browse/SAT-42708"
},
{
"category": "external",
"summary": "SAT-42710",
"url": "https://issues.redhat.com/browse/SAT-42710"
},
{
"category": "external",
"summary": "SAT-42711",
"url": "https://issues.redhat.com/browse/SAT-42711"
},
{
"category": "external",
"summary": "SAT-42712",
"url": "https://issues.redhat.com/browse/SAT-42712"
},
{
"category": "external",
"summary": "SAT-42713",
"url": "https://issues.redhat.com/browse/SAT-42713"
},
{
"category": "external",
"summary": "SAT-42714",
"url": "https://issues.redhat.com/browse/SAT-42714"
},
{
"category": "external",
"summary": "SAT-42715",
"url": "https://issues.redhat.com/browse/SAT-42715"
},
{
"category": "external",
"summary": "SAT-42716",
"url": "https://issues.redhat.com/browse/SAT-42716"
},
{
"category": "external",
"summary": "SAT-42717",
"url": "https://issues.redhat.com/browse/SAT-42717"
},
{
"category": "external",
"summary": "SAT-42718",
"url": "https://issues.redhat.com/browse/SAT-42718"
},
{
"category": "external",
"summary": "SAT-43310",
"url": "https://issues.redhat.com/browse/SAT-43310"
},
{
"category": "external",
"summary": "SAT-43742",
"url": "https://issues.redhat.com/browse/SAT-43742"
},
{
"category": "external",
"summary": "SAT-43743",
"url": "https://issues.redhat.com/browse/SAT-43743"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5968.json"
}
],
"title": "Red Hat Security Advisory: Satellite 6.18.4 Async Update",
"tracking": {
"current_release_date": "2026-07-01T14:12:27+00:00",
"generator": {
"date": "2026-07-01T14:12:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:5968",
"initial_release_date": "2026-03-26T19:47:53+00:00",
"revision_history": [
{
"date": "2026-03-26T19:47:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T19:47:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product": {
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.18::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product": {
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.18::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product": {
"name": "Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_utils:6.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-0:3.16.0.12-1.el9sat.src",
"product": {
"name": "foreman-0:3.16.0.12-1.el9sat.src",
"product_id": "foreman-0:3.16.0.12-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.16.0.12-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"product": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"product_id": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.16.0.6-1.el9sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-0:4.2.29-1.el9pc.src",
"product": {
"name": "python3.12-django-0:4.2.29-1.el9pc.src",
"product_id": "python3.12-django-0:4.2.29-1.el9pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django@4.2.29-1.el9pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"product": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"product_id": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-container@2.24.5-1.el9pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"product": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"product_id": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulpcore@3.73.26-1.el9pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"product": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"product_id": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-rpm@3.29.9-1.el9pc?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"product": {
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"product_id": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_kubevirt@0.4.3-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.src",
"product": {
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.src",
"product_id": "rubygem-katello-0:4.18.0.9-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.18.0.9-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"product": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"product_id": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rubyipmi@0.13.0-1.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.18.4-2.el9sat.src",
"product": {
"name": "satellite-0:6.18.4-2.el9sat.src",
"product_id": "satellite-0:6.18.4-2.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.18.4-2.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-4.el9sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"product": {
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"product_id": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@12.2.17-1.el9sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-pcp@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-dynflow-sidekiq@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-redis@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-service-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-service-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-service-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-service@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"product": {
"name": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"product_id": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@3.16.0.12-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"product": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"product_id": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@3.16.0.6-1.el9sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"product": {
"name": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"product_id": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer-katello@3.16.0.6-1.el9sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"product": {
"name": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"product_id": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django@4.2.29-1.el9pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"product": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"product_id": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-container@2.24.5-1.el9pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"product": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"product_id": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulpcore@3.73.26-1.el9pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"product": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"product_id": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-rpm@3.29.9-1.el9pc?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"product": {
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"product_id": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_kubevirt@0.4.3-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"product": {
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"product_id": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-katello@4.18.0.9-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"product": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"product_id": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-rubyipmi@0.13.0-1.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-capsule-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-capsule-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-common-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-common-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-obsolete-packages@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.18.4-2.el9sat.noarch",
"product": {
"name": "satellite-0:6.18.4-2.el9sat.noarch",
"product_id": "satellite-0:6.18.4-2.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.18.4-2.el9sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"product": {
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"product_id": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-foreman_rh_cloud@12.2.17-1.el9sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64",
"product": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64",
"product_id": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yggdrasil-worker-forwarder@0.0.3-4.el9sat?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.16.0.12-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src"
},
"product_reference": "foreman-0:3.16.0.12-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch"
},
"product_reference": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src"
},
"product_reference": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:4.2.29-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch"
},
"product_reference": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:4.2.29-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src"
},
"product_reference": "python3.12-django-0:4.2.29-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch"
},
"product_reference": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src"
},
"product_reference": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch"
},
"product_reference": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src"
},
"product_reference": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch"
},
"product_reference": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src"
},
"product_reference": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch"
},
"product_reference": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src"
},
"product_reference": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.18.4-2.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src"
},
"product_reference": "satellite-0:6.18.4-2.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-capsule-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-common-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-capsule"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.16.0.12-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src"
},
"product_reference": "foreman-0:3.16.0.12-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.18.4-2.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src"
},
"product_reference": "satellite-0:6.18.4-2.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18-utils"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:3.16.0.12-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src"
},
"product_reference": "foreman-0:3.16.0.12-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch"
},
"product_reference": "foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:3.16.0.6-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src"
},
"product_reference": "foreman-installer-1:3.16.0.6-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch"
},
"product_reference": "foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-redis-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-service-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-service-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch"
},
"product_reference": "foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:4.2.29-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch"
},
"product_reference": "python3.12-django-0:4.2.29-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:4.2.29-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src"
},
"product_reference": "python3.12-django-0:4.2.29-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch"
},
"product_reference": "python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.24.5-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src"
},
"product_reference": "python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch"
},
"product_reference": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src"
},
"product_reference": "python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch"
},
"product_reference": "python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.73.26-1.el9pc.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src"
},
"product_reference": "python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch"
},
"product_reference": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src"
},
"product_reference": "rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch"
},
"product_reference": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src"
},
"product_reference": "rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch"
},
"product_reference": "rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-katello-0:4.18.0.9-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src"
},
"product_reference": "rubygem-katello-0:4.18.0.9-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch"
},
"product_reference": "rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src"
},
"product_reference": "rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.18.4-2.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src"
},
"product_reference": "satellite-0:6.18.4-2.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-cli-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-common-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
},
"product_reference": "satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"relates_to_product_reference": "9Base-satellite-6.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64 as a component of Red Hat Satellite 6.18 for RHEL 9",
"product_id": "9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
},
"product_reference": "yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64",
"relates_to_product_reference": "9Base-satellite-6.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-0980",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-15T08:50:01.841000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429874"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat Satellite because it requires the BMC component to be enabled and configured to use `ipmitool` as the IPMI implementation. An authenticated attacker with host creation or update permissions can exploit this by crafting a malicious BMC username. Exploitation is limited to environments meeting these specific configuration and permission requirements.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0980"
},
{
"category": "external",
"summary": "RHBZ#2429874",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429874"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0980"
}
],
"release_date": "2020-01-15T08:08:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username"
},
{
"acknowledgments": [
{
"names": [
"Evgeni Golov"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-1531",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-01-28T12:50:13.269000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack could lead to the disclosure or alteration of sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT flaw in foreman_kubevirt where the default configuration for connecting to OpenShift disables SSL verification if a CA certificate is not explicitly provided. This insecure default allows a remote attacker to perform a Man-in-the-Middle attack by intercepting network traffic between Satellite and OpenShift, potentially leading to information disclosure or alteration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1531"
},
{
"category": "external",
"summary": "RHBZ#2433786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1531",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1531"
}
],
"release_date": "2026-01-28T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that a Certificate Authority (CA) certificate is explicitly configured when setting up the connection to OpenShift in foreman_kubevirt. This will enable SSL verification and prevent Man-in-the-Middle attacks. Refer to the foreman_kubevirt documentation for specific instructions on configuring CA certificates. A restart or service reload may be required for the changes to take effect.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification"
},
{
"acknowledgments": [
{
"names": [
"Houssam Sahli"
]
}
],
"cve": "CVE-2026-1961",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-02-05T10:40:57.141000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman\u0027s WebSocket proxy implementation. This vulnerability arises from the system\u0027s use of unsanitized hostname values from compute resource providers when constructing shell commands. By operating a malicious compute resource server, an attacker could achieve remote code execution on the Foreman server when a user accesses VM VNC console functionality. This could lead to the compromise of sensitive credentials and the entire managed infrastructure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "forman: Foreman: Remote Code Execution via command injection in WebSocket proxy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated as Important. Command injection vulnerability in Foreman\u0027s WebSocket proxy. Exploitation occurs when an administrator configures a malicious compute resource server and subsequently accesses its VM console functionality. Successful exploitation can lead to remote code execution on the Foreman server, potentially compromising sensitive credentials and the entire managed infrastructure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1961"
},
{
"category": "external",
"summary": "RHBZ#2437036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1961"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1961",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1961"
}
],
"release_date": "2026-03-26T12:30:45.446000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "forman: Foreman: Remote Code Execution via command injection in WebSocket proxy"
},
{
"cve": "CVE-2026-4324",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"discovery_date": "2026-03-17T12:28:40.127000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448349"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of Service (DoS) by triggering database errors, and potentially enable Boolean-based Blind SQL injection, which could allow an attacker to extract sensitive information from the database.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in the Katello plugin for Red Hat Satellite allows an attacker to inject arbitrary SQL commands into the `/api/hosts/bootc_images` API endpoint. By manipulating the `sort_by` parameter, an attacker could trigger database errors, cause a Denial of Service, or potentially perform Boolean-based Blind SQL injection. This affects Red Hat Satellite installations utilizing the Katello plugin.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src"
],
"known_not_affected": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4324"
},
{
"category": "external",
"summary": "RHBZ#2448349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448349"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4324"
}
],
"release_date": "2026-03-17T13:18:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T19:47:53+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.18/html/updating_red_hat_satellite/index",
"product_ids": [
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5968"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-satellite-6.18-capsule:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18-capsule:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18-capsule:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18-capsule:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-capsule:satellite-capsule-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-capsule:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18-utils:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18-utils:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18-utils:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18-utils:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-0:3.16.0.12-1.el9sat.src",
"9Base-satellite-6.18:foreman-cli-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-debug-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-dynflow-sidekiq-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-ec2-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-installer-1:3.16.0.6-1.el9sat.src",
"9Base-satellite-6.18:foreman-installer-katello-1:3.16.0.6-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-journald-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-libvirt-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-openstack-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-pcp-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-postgresql-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-redis-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-service-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-telemetry-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:foreman-vmware-0:3.16.0.12-1.el9sat.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-django-0:4.2.29-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-container-0:2.24.5-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulp-rpm-0:3.29.9-1.el9pc.src",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.noarch",
"9Base-satellite-6.18:python3.12-pulpcore-0:3.73.26-1.el9pc.src",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_kubevirt-0:0.4.3-1.el9sat.src",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-foreman_rh_cloud-0:12.2.17-1.el9sat.src",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-katello-0:4.18.0.9-1.el9sat.src",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.noarch",
"9Base-satellite-6.18:rubygem-rubyipmi-0:0.13.0-1.el9sat.src",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-0:6.18.4-2.el9sat.src",
"9Base-satellite-6.18:satellite-cli-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-common-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:satellite-obsolete-packages-0:6.18.4-2.el9sat.noarch",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.src",
"9Base-satellite-6.18:yggdrasil-worker-forwarder-0:0.0.3-4.el9sat.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection"
}
]
}
RHSA-2026:6184
Vulnerability from csaf_redhat - Published: 2026-03-30 13:41 - Updated: 2026-07-01 14:12A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6184",
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6184.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.19.13 security, enhancement \u0026 bug fix update",
"tracking": {
"current_release_date": "2026-07-01T14:12:27+00:00",
"generator": {
"date": "2026-07-01T14:12:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6184",
"initial_release_date": "2026-03-30T13:41:49+00:00",
"revision_history": [
{
"date": "2026-03-30T13:41:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-16T09:34:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Openshift Data Foundation 4.19",
"product": {
"name": "Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.19::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Openshift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Ae527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-operator-bundle@sha256%3A1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439398"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256%3A09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256%3A74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Aa3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Aea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256%3A7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439395"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3Ae41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Ab900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Aee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3Abed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439399"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product_id": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-dependencies-operator-bundle@sha256%3Abb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439410"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Ad5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256%3Ab865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439406"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product_id": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256%3A1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439415"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product_id": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-prometheus-operator-bundle@sha256%3A05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439421"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product_id": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256%3A146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439418"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product_id": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256%3A0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product_id": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-recipe-operator-bundle@sha256%3A527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439451"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Abd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-operator-bundle@sha256%3A6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774439437"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3Af6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Adf81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3Ab8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379712"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Ae957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379660"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Aacdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3Ab5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3Ae03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Ab5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Abf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3Aee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379710"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774432831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379856"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Aa04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379915"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379986"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774379972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3A8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380550"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Aef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380042"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Aae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3Af05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380190"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Ada49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380303"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380423"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380409"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3Aa9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774380526"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64 as a component of Red Hat Openshift Data Foundation 4.19",
"product_id": "Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.19"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T13:41:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.19/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T13:41:49+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.19/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6184"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:1e1c090a1a2a9a4ecd41b3e70c16a1a26c6e24505babcc04af57dfdd6a874c2b_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:15da48ce459ac77baf3ba6fd5c5c231310d9f6323fea8ea68f39326031fe8d75_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7d0aa6bbba0cbd84d092910b057b32d6d5e20e4de249cec3e3bc908b1f01f0a2_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e527b03513ba9e0d611fe4e89b6149a14a32747dd95605a36b572c89284f4eb7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e957fbb8420a8394d15fdaeadc351b3710cdeb59d2cd86e43dd4dad1472df847_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:5b9b6ebe13f098c401a0374de95260dfbef2d8a8d5f4072f13ca5b2ccd249168_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6d321e73408ac86e6757aa45f604fdd595cf32c37e6280628dab4a336a6eb08f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/cephcsi-rhel9@sha256:b8b1bd25b8bad6859413ecba9c7b9137db25a7b80768838643e37d6304d70315_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:081b4ae6d4cd30faea2600d345df27f8a117cf80b263598ee6010925efb7c00a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:8d7acef03cd20033ef81f7e7bb27f0724935bdccfdfd0fc25fc845a7fcc403e0_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-core-rhel9@sha256:9eb3e2043402719a5cef662e5266458f3fd38497c2b3d5790f74aa357d8aa89e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-operator-bundle@sha256:09b5dafb1e88781997b2a34aab9002eb79e08c3f57d2080fdc34ba0ffcbae840_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:151b7342469b48fc4e737a25bdd2f334fb0abc2217f6261ef1af57b0e5e1f2f8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:44458cad32917b3f47a2b2d80e3546a0ef4edfd66c2661c2f59cf14a5776a093_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:9e19279098bb59c55a9d82d8d193ba4a1ea66d4a99de883dec2cc82ee41ea1f4_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:acdca139d9b87e53cdadd79d6f22bd67ca8417fbd13014e5773a49f45da88983_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:05987829acdfb85202174009bbbe38fb1c5408b0054752fdf23c49be9dc1bdc1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:30bd0c096ec25b220cd872b450ac7d12bea6aad09b66c48829e72c54c3f73c3c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:49d09af234ac8f41751d0461d869d829008b21b2b93cc50196aadf2321a47924_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:5129e5202f7b6badd7c0da8f9540053079048fa0f8e2e337fe6f1eb6aa5dca05_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:74ff9af31e918804088279dc68c4765099d5108b98b37d8311370e32a6a7b711_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:008fef7f9ae19e47818f18cfa53c4c9f2a39697ed7f052bf68a632742f90186f_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:07e341abe1d62f19e569bf35c59a4e8d8cbe53476c77279a27dc9cff171356bf_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1a6360c861def8c6518a84639620c0b88cfd7eb69d4d131232b72ba59bf52ade_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:1bc385728aef2749bab029cf21c795d19c4be2f6259f87e88af306d90baaed23_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:077137531fbebfda3f071186eee0623f2b2dfe55933774d0957259217fd5a4aa_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:26d999d2a06b3568ae05af33a6721c2f95d7f9566af01e5c5d78b990781d3472_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:882d21f1c6596acc164b9f8c32a7bb825749dea1ae49ed6643062baf79e09b2d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3cc89b871545e7499141c57fe9a1b73778674cf6b8cb49255ff7014691366fd_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-operator-bundle@sha256:7f7e66a77f20ac2891186ecf8e93abf829c059a0f674345c8fbfedf57a8eab2f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:6327c16c8f5575296145de293f141848223a28a213fa255e53e25ca7a8b8c935_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:696891ad8c64c139996cef7b03bfce56835989dc27fa80c8c2852fecf7d9ca6c_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:a04a6ce43e54eb6578350ef42fb0d46e7f0996f64729d857474710b362f6bd53_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ea8709d43b8faa46cbf5c7420dd06583a4a0407f13883dbf2970fbf1ff64c75e_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:03d982ffb6b0ad3053e383804230ed8a52fb109e6b2ad617dfc38fc313bfa7b1_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:3da3c2e394847cf5f4f9ae81fb2c1a06bdc55c99fc86ca3fc2842d2b3786b04a_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:58144de202ebd7ead11453a7d92b5a8af087649bfbdd23bb79875a029b69b9eb_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cli-rhel9@sha256:b5c416315471f3fbe18cd01376dfb88b93cc9084e90d8c4f8cd9700fee738745_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:1a35d685a9488bc395bc523f2203a50d5404f7b15cc133ace95f093d7f1d0955_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:65dee106865e579baa4f0f0a1520651d0b2a10cd25073bf9e8655c5ea32c1f02_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e03c3c9cad6578cb6c824e2a7e922b55f32ec595492b9d8944cf7baafce6186a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:e41a49307c08650cd104ac387a2acc70436870c69eaa98e1cb7508215bc6ae2c_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:059284b6b9df97c9047f4de059f8eb20b1043e8d0d56322a628cb58202fd0c3a_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:10974417c23cc9e9ca8b2d6195ab706d8fae87b7e11a234869d549a51a000d8e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:88bf6b806cce22b265204a0bc4bb051a412a1c02e27ab159f41cb0637784cc98_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-console-rhel9@sha256:8bfa83fa8b3a65064e3e0d2357eaf2b8cf9c49dc868b6a942ade0041f0fafeb7_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:093550baf58e3533ff0f011f7f03f49ec4c58fbdcd5d5d178be94ba56ecab3b4_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:2c3c2a4ac3de9c44a96961be7eabac783767f9659c9f0006cf1be0115f2d410d_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b900f16da0323de026da5daff7062cade07197cfbe1689f7e275e716ff97f3ac_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:ef4e55d5aba04300dbb9801ce59abc3c5c54f3ea9e10cff0777293ca8adf1b13_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:bed7ba86c54141d42df1856d58b829c5e52b67cb58aa691f475c6ce5d94d67f8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:5ed54f8edfbc26afcf1d9a421eaa16927a95df1c7c2efe83b3c37a087ca0c8f0_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b481f1bbac417a24fe821b6c27142f0a5eda5a033da51d876f1c2dbf4ecfe6c5_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b5146905986a106ed69b994edef95ea65d222f75ee4db9b086ba51f3eb163106_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:ee97f1400b62d04af173477ee8f0f503621cb501a0803df7d1ef3eeb0a9ee7c2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:1bb70292f41bb4b6dda3b86356ccf98a862876965700b006ec1b1f41cbb6b1c9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:3a6c4a85117bc04806e2a3852b723f385ca0771fda41979291b79dd91ad13252_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ae777911c6129b2cc15f7aa26e8be308e4aab1909c710287285e548d51ec2f6e_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:bf9ab046a7fb04dc5f6a18579de25db8913272a6d6e44104721357a0f8052df9_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:bb025fb454abd015448136e8ad77cecbf0a4d50fbb52dcd7a835c93495f14fb8_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:0d6f6678b193c1b17aa667217c3719569c3320e1de184e6187108b0631f38a4f_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7c6cacf2859051ef8a0d5cca87f2d93ad687bf865c23c6158f43ef55c83282be_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:7ede3a5484be66a751e02f1562bf120296cd4db98dd2cbeaf69cd731b63d52d5_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:f05b342d57db90d424263571ed064fc595ba79aa06a45f185df0848b4469964b_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b865cfbd68be8478154679f113df8c1edf51220f855df5c0d9218f0c5c5ec1b9_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:77fd0635e65ae410817a505915482ad31cbe1722cb3bce12f901e3f5efd95ec7_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9883e6e55b784a826c112adfacb42bd648e8a07d9aa2ccb14366b79f5a6af2fb_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:d5df3dd7473dd4e84d4e59e1b3745adbadc92c02479ab8941c540085992fa0f5_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:f6bbdcf9d470cc0b4e0ece205f831adc19663c49738b0462bd1328a37ec47cb1_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2b4722bb9bc56414fc375e2839bbde576d14980244b1e00d3dc95a3ad74e054f_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:52152eb08e135ee16dd442386cf67b8300b283086f34c136c5e7130761ad958e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:5e530cbb57422da34c3f3e2e7e35b5aebb17f216091e6283e9ea16b9d0d48098_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:da49c79bba5dee57bacba5382fc54bb71340a43a8ee5f72016c7dbe1f443ccd5_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-operator-bundle@sha256:1118c52d5dcd2faa966de83ae878983590e752f30224675b33372a7e4e803d04_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:05734db6aacfcc2eac853ca50c2936a2b0689d808e18e52aaa59a997ffdb4bd7_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1751cb3db9ea33b95c184ed57395887d8c640d29938a8d5097c82570a18214d6_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:49984513be2194b7878a0ad50023b5bc6dce130432ba1b5f521c95f5f8a11a9e_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:521e308173b25708e304f78cef99581bd1179b4610c94c505094af88ad4ea7e2_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odf-rhel9-operator@sha256:ee6f0a5490684c06e4a2fef2ed81b32b8129faa8eaa1f9b9618338feb59dc6b3_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:146ef0d616706b3b6f4f256a59d2db6da13ba8f7c66fc8a6cf57c34e1177af5d_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:0e4eebf6ffc3c94b2883fcc86bf8dbae29b4c220c24120ae8f09619f0373b145_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:527cea3e59277739f736511efda8b7a22b4c9e7576e8f7e4c06b36bba338de54_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:3ab78ddeadb36f07614aadc863c4bca05fafccdc328a74f6e40f7338050045cd_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:5a8278d6f6c8e61154a6fe2c0d1a89e04ed508a4795988a9d7106924d39fa401_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:781335cf5545e48ee2b610555543010b309c0ffbc761773c565384d2fb85cc20_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/odr-rhel9-operator@sha256:df81abd7f37d6fbb43ae1ecdf88dbd630af25a5c1148799cf708caacc10c0ae8_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:6b99236a40b7f4d55df53d6f984eaccdc15680058c35e1900f325fdaf4060614_amd64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:172fffa220630fe05d4af1cd6e1981ef959179e765dbaa01180a29930dc35e5b_ppc64le",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:4b780c7960ebcae9b2a730c93985f3e79c8934148507fc944441c6f6262ad285_s390x",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:a9deb410f35ae15ed4a51fc54ea32f96de1ca226b9c0f268b98b619970e2c1d9_arm64",
"Red Hat Openshift Data Foundation 4.19:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bd539d4d1cd3b9f4e322a1edaa20c247c96fba4859df0032936ef423f3d45365_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:6192
Vulnerability from csaf_redhat - Published: 2026-03-30 15:41 - Updated: 2026-07-01 14:12A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik's plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with "acme-tls/1" before ceasing communication, a malicious client can indefinitely tie up system resources such as "go routines" (lightweight threads) and file descriptors. This leads to a Denial of Service (DoS) of the entry point, making the service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest (STARTTLS) prelude and then intentionally delaying further communication. This action bypasses Traefik's configured read timeouts, causing connections to remain open indefinitely. The primary consequence is a Denial of Service, as the server's resources become exhausted by these persistent, non-responsive connections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
Workaround
|
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.27.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.27 release is based on Eclipse Che 7.115 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6192",
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.27/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.27/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-54386",
"url": "https://access.redhat.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1002",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22045",
"url": "https://access.redhat.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23745",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23950",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24842",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25223",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25949",
"url": "https://access.redhat.com/security/cve/CVE-2026-25949"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26960",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6192.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.27.0 Release.",
"tracking": {
"current_release_date": "2026-07-01T14:12:28+00:00",
"generator": {
"date": "2026-07-01T14:12:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6192",
"initial_release_date": "2026-03-30T15:41:48+00:00",
"revision_history": [
{
"date": "2026-03-30T15:41:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-30T15:41:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T14:12:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3.27",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.27::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Adf538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ad0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ab260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ade4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ad160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3A70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ab47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Addbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ae9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Af6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Adb2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3A5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Acad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Aacaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3A0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Ac82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Aaae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3Ac51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Ab5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3A84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774448966"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774422248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774155063"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Ae139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774476526"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774587761"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Aed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774414236"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product_id": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-redirector-rhel9@sha256%3Aef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775028"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775064"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774607447"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3Ad25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774609756"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ab6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1773775544"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774228740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774227265"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Acef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774451954"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel10@sha256%3Ae5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774143680"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product_id": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256%3Ae095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1774070844"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64"
},
"product_reference": "registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64 as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le as a component of Red Hat OpenShift Dev Spaces 3.27",
"product_id": "Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces 3.27"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-54386",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-02T00:00:54.513784+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2386070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik\u0027s plugin installation mechanism. This vulnerability allows remote code execution, privilege escalation, persistence, or application-level denial of service via a crafted ZIP archive exploiting a path traversal vector.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "RHBZ#2386070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-54386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54386"
},
{
"category": "external",
"summary": "https://github.com/traefik/plugin-service/pull/71",
"url": "https://github.com/traefik/plugin-service/pull/71"
},
{
"category": "external",
"summary": "https://github.com/traefik/plugin-service/pull/72",
"url": "https://github.com/traefik/plugin-service/pull/72"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800",
"url": "https://github.com/traefik/traefik/commit/5ef853a0c53068f69a6c229a5815a0dc6e0a8800"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/pull/11911",
"url": "https://github.com/traefik/traefik/pull/11911"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.28",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.28"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-q6gg-9f92-r9wg"
}
],
"release_date": "2025-08-01T23:32:21.747000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Traefik\u0027s Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1002",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-01-15T21:03:20.088599+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430180"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to block access to specific static files, such as images, CSS or HTML files. However, the underlying Vert.x server, the API endpoints and other non-cached resources are not affected. Due to this reason, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "RHBZ#2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5895",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
}
],
"release_date": "2026-01-15T20:50:25.642000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:\n\n~~~\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\n~~~",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files"
},
{
"cve": "CVE-2026-22045",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-15T23:01:12.589198+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430198"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with \"acme-tls/1\" before ceasing communication, a malicious client can indefinitely tie up system resources such as \"go routines\" (lightweight threads) and file descriptors. This leads to a Denial of Service (DoS) of the entry point, making the service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: Traefik: Denial of Service via ACME TLS-ALPN fast path resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. In the Red Hat context, this flaw affects Traefik as deployed in Red Hat OpenShift Dev Spaces. An unauthenticated attacker can exploit the ACME TLS-ALPN fast path to exhaust system resources, leading to a denial of service of the entry point.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "RHBZ#2430198",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430198"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22045"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22045",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22045"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d",
"url": "https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.35",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.35"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.7",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.7"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq"
}
],
"release_date": "2026-01-15T22:44:05.423000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "traefik: Traefik: Denial of Service via ACME TLS-ALPN fast path resource exhaustion"
},
{
"cve": "CVE-2026-23745",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-16T23:01:26.508727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the node-tar library. The flaw allows an attacker to perform arbitrary file overwrite and symlink poisoning by crafting malicious tar archives. This occurs due to insufficient path sanitization of hardlink and symbolic link entries, even when the default secure behavior (preservePaths is false) is enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "RHBZ#2430538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
"url": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97"
}
],
"release_date": "2026-01-16T22:00:08.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
},
{
"cve": "CVE-2026-23950",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-01-20T02:00:55.870044+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The `node-tar` library is susceptible to a race condition due to incomplete handling of Unicode path collisions, which can lead to arbitrary file overwrites via symlink poisoning. However, this issue primarily affects case-insensitive or normalization-insensitive filesystems. Red Hat Enterprise Linux and other Red Hat products typically utilize case-sensitive filesystems, which may limit the direct impact of this flaw in default configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "RHBZ#2431036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6",
"url": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w"
}
],
"release_date": "2026-01-20T00:40:48.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-24842",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-28T01:01:16.886629+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "RHBZ#2433645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
"url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
}
],
"release_date": "2026-01-28T00:20:13.261000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
},
{
"cve": "CVE-2026-25223",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2026-02-03T22:01:19.884891+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436560"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fastify, a web framework for Node.js. A remote attacker can exploit a validation bypass vulnerability by appending a tab character followed by arbitrary content to the Content-Type header. This circumvents the request body validation schemas, allowing the server to process the body as the original content type without proper validation. This could lead to unexpected data processing and potential integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in Fastify, a Node.js web framework, allows remote attackers to bypass request body validation by manipulating the Content-Type header. This can lead to unexpected data processing and integrity issues in applications. Red Hat products such as Red Hat Enterprise Linux AI, Red Hat OpenShift AI, and Red Hat OpenShift Dev Spaces are affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25223"
},
{
"category": "external",
"summary": "RHBZ#2436560",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436560"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25223",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25223"
},
{
"category": "external",
"summary": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization",
"url": "https://fastify.dev/docs/latest/Reference/Validation-and-Serialization"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/content-type-parser.js#L125"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272",
"url": "https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validation.js#L272"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821",
"url": "https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821"
},
{
"category": "external",
"summary": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq",
"url": "https://github.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3464114",
"url": "https://hackerone.com/reports/3464114"
}
],
"release_date": "2026-02-03T21:21:40.268000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Fastify: Fastify: Validation bypass due to malformed Content-Type header leading to integrity impact"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25949",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-02-12T21:01:13.761844+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439522"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. An unauthenticated client can exploit this vulnerability by sending a specific 8-byte Postgres SSLRequest (STARTTLS) prelude and then intentionally delaying further communication. This action bypasses Traefik\u0027s configured read timeouts, causing connections to remain open indefinitely. The primary consequence is a Denial of Service, as the server\u0027s resources become exhausted by these persistent, non-responsive connections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/traefik/traefik: Traefik: Denial of Service via stalled STARTTLS requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT denial of service flaw in Traefik, an HTTP reverse proxy and load balancer, affecting Red Hat OpenShift Dev Spaces. An unauthenticated client can exploit this by sending a specific STARTTLS request and then stalling, which bypasses configured read timeouts and causes connections to remain open indefinitely, leading to resource exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25949"
},
{
"category": "external",
"summary": "RHBZ#2439522",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439522"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25949"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678",
"url": "https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.6.8",
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.8"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w"
}
],
"release_date": "2026-02-12T20:01:19.600000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/traefik/traefik: Traefik: Denial of Service via stalled STARTTLS requests"
},
{
"cve": "CVE-2026-26960",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-20T02:01:07.883769+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar. An attacker can craft a malicious archive that, when extracted with default options, creates a hardlink outside the intended extraction directory. This vulnerability allows the attacker to perform arbitrary file read and write operations as the user extracting the archive, bypassing existing path protections. This can lead to unauthorized access and modification of sensitive system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat environments, this condition introduces a significant constraint, as exploitation requires user interaction and reliance on unsafe handling of externally supplied archives. The attack is not remotely exploitable in isolation and depends on a user or service processing attacker-controlled input.\n\nFurthermore, the impact of the vulnerability is limited to the privileges of the extracting process. In typical Red Hat deployments, archive extraction is performed by non-privileged users or within confined environments such as containers or restricted service contexts, which limits the scope of potential damage.\n\nRed Hat analysis also notes that this issue does not provide a direct mechanism for code execution or privilege escalation, but rather enables file system manipulation within the boundaries of the executing user\u2019s permissions.\n\nGiven the requirement for user-assisted exploitation, the absence of a direct remote attack vector, and the confinement of impact to the privileges of the extracting process, Red Hat considers the practical risk to be lower than the generalized NVD assessment. As a result, this vulnerability is classified as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26960"
},
{
"category": "external",
"summary": "RHBZ#2441253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441253"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384",
"url": "https://github.com/isaacs/node-tar/commit/2cb1120bcefe28d7ecc719b41441ade59c52e384"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f",
"url": "https://github.com/isaacs/node-tar/commit/d18e4e1f846f4ddddc153b0f536a19c050e7499f"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-83g3-92jg-28cx"
}
],
"release_date": "2026-02-20T01:07:52.979000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-tar: node-tar: Arbitrary file read/write via malicious archive hardlink creation"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T15:41:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6192"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1033ffe714e728e289eddaa3809e9d21915de193813339fa5c049373e3e78719_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:1c026c9c6fa5b70e2ab18b79f7974fe811558a4fbb3efee8eac17a165af2d4a2_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:650e9cec2b386064718aa87d794e3264eaf3af766060e4141f6f0870347cdb64_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-rhel9@sha256:cad5f1983385201427a94f980baeefece28aedc8089425db88806d54103dfe91_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6446db0167fbd287557bb29b9f090da15b1b0846c62df9fd96cafd0784d4769d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ca2b5dd80258f6d5105df99a2a4160086248ede21fd4fdb7be7d9d0e1768ec99_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:d0e058ad62081efbb2d62a979d3d52443a19d361e2bec3d1bb1a6d403c4fa336_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:ed1952126d5efdfe97f1d5411b7f057631bbae1b9c748c5f45746b6ee145fcad_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:81dc1398a2f94a040d43841f908c743f696ba9edfdd36ad47b225a90ef69da28_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:87415e884ce4a792725ebef47c95e81a4c98b594a333f5c9852ce68c13d33c09_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:acaa080820cc3886395466b4a327600752f13eb9e8728cece8bff696d92649e2_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/configbump-rhel9@sha256:d160df16f213208e22f67e0261fed70a5aa6eb64a79438c7affac0748d214e08_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:272a65ee82a9484e1d4362a9f33b6cc1b0eb13d93e70b19cc3d0208f021c2bda_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:2bc4515148a52d94e1fcaf8991ddf0e9e98f0565bdae0f7f6c732feac0540d95_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:e139d927ef936bfabf780286ec4b4bf97e318db69c1af5b7473dd33ae54931b4_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/dashboard-rhel9@sha256:ff64d5d47c91c59904cb2a90eb9e42e563fea560407fa6c0590b964ace2ce469_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:d25e5effc8f3e6f0a02f3f1795cb83b585508b79e236b66e9a67be1511593864_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:5d1045ab74b00b9ac4888a7971adfddf03142cf73b80e427d2bdde17f8a33f7d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:6ca64429fd2b33806f766cb84e2392bf16e85a64adeb19f687fd2f5ba588a359_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b317d159f7de28b2424c0333f48574b4b6b4852405f82a0643c0f22ff37253c6_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b98b93207d245e32fca4182f7f8debd05b853082f79eb06d513fd25eb659ab7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0d44f88b37488308e5c166fbf61ef195e473949d4d8930742742d52da8bd1d09_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:49848a9d6c888956fe17c0a7faa350b1b534aa7623c6368c45fa676ec603c9a9_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:582e28a0f571b32aa45ffdde4369479efb0fa504f163caf738b2dea23ad017f0_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8487157abf1a0cb7fb35aafdf9f5c3f3b7b3c107c5583b5cb2ceb80aabaaba75_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:0504f72e32867f2e16ae91237e494ad597897d234da6c772deedeec03c77f7da_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:2c0bfdd79524706c055e32bc68b3e099beea3f19e89184e763912b964588ca7e_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:4eb8ed347e951e036b5e464891ad26775288421b5ad4279e0a0a6a7682ed614a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:ed6c681b49c827af9faad6364a9a5fff068253878597f4e2768f51e2debedabf_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:70d9bf5801e6c359fa2853ecb7b2c1156bc8d05c64ff9089b4266ca7d1c96bdc_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:b260051bc38be6e1edfbb536b3d5568408406bd5ba214d9c460ff31fda95080d_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:c82b5be3ccc18dfc9f64732e2a6892e40555556119e041445867ee6895698fff_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/multicluster-redirector-rhel9@sha256:ef4cdde7f946cb4ac076651227c139ec1151fe1dfcfab16a7370eb5a1dedf8f8_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:49ec7497195cc73b5ab71a31d84f4adba1068580f1b615a4918a6b9a614b8e1b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:4a19870c5fa8b55441ce9de937de2023de89ec98415b70c8cdb868e541f7fe90_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:aae678397f22a53d10863aad458ea58d487b4ff87cd1a5200a02835fc2d76eb4_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b47ea1f8c8cc35c7171251b9c044c38c7f66200e4336067c528b308f3a1779ec_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:31bed0f8d7cc026fb582a447d3cea648b6723b5309b282899062fb51a9b6b06b_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:b6c81d692c2610b97c365ba0160bd4d4f3222b3b8129f46e9bb4f744d91ca142_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:ddbef65f258899cb9450a370e72a61acb6e3710f4fe76cd1d43d5b68d661f4cb_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:de4737b85e6f485e6dc5283574f7da587995ef60a17039df4728c126df00b4e4_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:4550375a1ce30dfa306ac819590e0f95f512a7f9036e756e0ed643297f7555fe_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:62a2ad04b76186b8cc425a677aee50ed2e0cf531fc87888f513fe54d250510d3_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:782ccfcc7d458e2b27f0146c39bcf43c3133197d62a97052a2b67da4000c0c47_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/server-rhel9@sha256:c51792428816b2744121027ff39c1f0d1368ad2812e5604f4aceefe85ee23f00_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:12ae1997a6df944284ecfb3501138c25f1a39eba23b52685b48008174a6a363a_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:3942aaa0d29412ca79a413216b27ac338af01b1db1e31c5bb023fd135094768b_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:b5f40cea19df512eb3083c9ec8a34b964742c44c4843ec979d0a4ff9e94ca02d_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/traefik-rhel9@sha256:e9a1f79f64b9427d4fa657f197d8e114f66ec6dfc028b8d4e47478d8f0d56d98_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:113200dd0b705840cbfd2128236c4ab3813e0146a45538f8d348517045004b10_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:84050974bd849ca3380327c00ae001980b9fee834bf44e080c90442be4b17682_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:db2b024c908f9e92b63b05e5de9c4a97d8258604e538e9b30261768f415a8213_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel10@sha256:e5209000fd966c4e98fa6609f998fe0d6edc3088aeaa68f1261865c168379df7_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:3e42db39ee6eff785c8e03e6a4f764ea5359221c2c9ecd153caee01a780d029b_ppc64le",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:5ecda2244caefbd85bd89bf7f8caeeeb511e91f87a6d46d83d7553901459715a_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:df538d83965fbf69f86fda16c699ee043ecbdb6b2a6b93ac9ef63e73d564537e_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-base-rhel9@sha256:e095dd0cb8e327d8d6589bba674372aeb38397b22790bfed208156d3bb9d746c_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:58111d940c17ffcef32fc2d86f19c8d0f629b89c6412fb9933ca1ad411eec48f_s390x",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:8a97ad4c50e74468ffddb50f6dc3a748bd6223ca6dd869159eaa19447e8d5735_arm64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:cef073ba3e67731d90b615b1ed97e8d8941f4b84f795feebaa14cbba4506c22a_amd64",
"Red Hat OpenShift Dev Spaces 3.27:registry.redhat.io/devspaces/udi-rhel9@sha256:f6eb04566e390bab2a8028146d0c54ffb3357cde8a633edd4e19ab29629acec4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.