CVE-2025-61729 (GCVE-0-2025-61729)
Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37
CWE-400 - Uncontrolled Resource Consumption
| Vendor | Product | Version |
|---|---|---|
| Go standard library | crypto/x509 | Affected: 0 , < 1.24.11 (semver); Affected: 1.25.0 , < 1.25.5 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-61729",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:52:36.341575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:52:58.224Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.VerifyHostname"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.24.11",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.25.5",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Philippe Antoine (Catena cyber)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T19:37:14.903Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/725920"
},
{
"url": "https://go.dev/issue/76445"
},
{
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-61729",
"datePublished": "2025-12-02T18:54:10.166Z",
"dateReserved": "2025-09-30T15:05:03.605Z",
"dateUpdated": "2025-12-03T19:37:14.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61729",
"date": "2026-06-30",
"epss": "0.00451",
"percentile": "0.35925"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61729\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-12-02T19:15:51.447\",\"lastModified\":\"2026-06-17T09:50:48.507\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"Certificate.VerifyHostname\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.24.11\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.25.0\",\"lessThan\":\"1.25.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-12-02T21:52:36.341575Z\",\"id\":\"CVE-2025-61729\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA 
Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.11\",\"matchCriteriaId\":\"F2E6FD2A-A487-4099-B91D-2429F286AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.5\",\"matchCriteriaId\":\"39C03A37-B94B-46E4-B1C2-A70A870F8E53\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/725920\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/76445\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4155\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61729\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-02T21:52:36.341575Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-02T21:52:53.822Z\"}}], \"cna\": {\"title\": \"Excessive resource consumption when printing error string for host certificate validation in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Philippe Antoine (Catena cyber)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.5\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Certificate.VerifyHostname\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/725920\"}, {\"url\": \"https://go.dev/issue/76445\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/8FJoBkPddm4\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4155\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Within HostnameError.Error(), when 
constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61729\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T19:37:14.903Z\", \"dateReserved\": \"2025-09-30T15:05:03.605Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-12-02T18:54:10.166Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:2922
Vulnerability from csaf_redhat - Published: 2026-02-18 12:26 - Updated: 2026-06-30 08:56
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64 | — |
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64 | — |
Workaround
|
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64 | — |
A flaw was found in Fulcio, a certificate authority for issuing code signing certificates. A remote attacker could exploit this by bypassing MetaIssuer URL validation due to unanchored regular expressions (regex) in the `metaRegex()` function. This vulnerability could lead to Server-Side Request Forgery (SSRF), allowing the attacker to probe internal network services. While the flaw only permits GET requests, preventing state changes or data exfiltration, it still poses a risk for internal network reconnaissance.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.2.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.15, 4.16, 4.17, 4.18 and 4.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2922",
"url": "https://access.redhat.com/errata/RHSA-2026:2922"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22772",
"url": "https://access.redhat.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2922.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-06-30T08:56:42+00:00",
"generator": {
"date": "2026-06-30T08:56:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:2922",
"initial_release_date": "2026-02-18T12:26:00+00:00",
"revision_history": [
{
"date": "2026-02-18T12:26:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-18T12:26:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.2",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"product": {
"name": "registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"product_id": "registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cosign-rhel9@sha256%3A8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770733887"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"product": {
"name": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"product_id": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fetch-tsa-certs-rhel9@sha256%3Ae001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770737394"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"product": {
"name": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"product_id": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitsign-rhel9@sha256%3A4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770734283"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-cli-rhel9@sha256%3A6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770738512"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64",
"product": {
"name": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64",
"product_id": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/updatetree-rhel9@sha256%3Acfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770734118"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64"
},
"product_reference": "registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64"
},
"product_reference": "registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64"
},
"product_reference": "registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
},
"product_reference": "registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:26:00+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2922"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:26:00+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:26:00+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:26:00+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2922"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2026-22772",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-01-12T22:01:21.336171+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428808"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a certificate authority for issuing code signing certificates. A remote attacker could exploit this by bypassing MetaIssuer URL validation due to unanchored regular expressions (regex) in the `metaRegex()` function. This vulnerability could lead to Server-Side Request Forgery (SSRF), allowing the attacker to probe internal network services. While the flaw only permits GET requests, preventing state changes or data exfiltration, it still poses a risk for internal network reconnaissance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Fulcio\u0027s URL validation allows attackers to bypass security checks, leading to Server-Side Request Forgery (SSRF). This could enable internal network reconnaissance within affected Red Hat OpenShift and Ansible Automation Platform deployments, though it does not permit state changes or data exfiltration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "RHBZ#2428808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22772"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d",
"url": "https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr"
}
],
"release_date": "2026-01-12T20:58:53.659000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:26:00+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2922"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/cosign-rhel9@sha256:8efb2c8f77e91d7a15063ddc6f7eca1226a494f0f9340590af6e3a2eb9c462c3_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fetch-tsa-certs-rhel9@sha256:e001128c079f0355e88161c08f092d0d5b0d2f984fdb672002d4bcddf9585cd5_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/gitsign-rhel9@sha256:4c59990381ce313cd845257e95fd2e910b3d84459c5b3c3aa09fce954a328101_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-cli-rhel9@sha256:6dc1b8af2586c0b7dc2786ed075f3e387943bed78818e02c7bd38f0ac1cace0b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/updatetree-rhel9@sha256:cfba6d424b5e45362bb4e61d9b05bb49a24beb56a3c5ddc3aebdd2e0647179de_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fulcio: Fulcio: Server-Side Request Forgery (SSRF) via unanchored regex in MetaIssuer URL validation"
}
]
}
RHSA-2026:2926
Vulnerability from csaf_redhat - Published: 2026-02-18 12:44 - Updated: 2026-06-30 08:56
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Workaround
|
A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification via using the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm under specific conditions, where applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — |
Workaround
|
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
Workaround
|
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` and do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted sources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker can exploit this vulnerability by providing specially crafted input to the devalue.parse function. This can cause the application to consume excessive CPU time and memory, leading to a denial of service (DoS) condition. The root cause is an unchecked assumption during typed array hydration, where an ArrayBuffer is expected but not validated.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker could exploit this vulnerability by providing specially crafted input to the `devalue.parse` function. This improper input validation, specifically during the ArrayBuffer hydration process, can cause the application to consume excessive CPU time and memory. This ultimately leads to a denial of service (DoS), making the affected system unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Workaround
|
A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Workaround
|
A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.2.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.15, 4.16, 4.17, 4.18 and 4.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2926",
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65945",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22774",
"url": "https://access.redhat.com/security/cve/CVE-2026-22774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22775",
"url": "https://access.redhat.com/security/cve/CVE-2026-22775"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23745",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-23950",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2926.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-06-30T08:56:43+00:00",
"generator": {
"date": "2026-06-30T08:56:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:2926",
"initial_release_date": "2026-02-18T12:44:41+00:00",
"revision_history": [
{
"date": "2026-02-18T12:44:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-18T12:44:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.2",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-backfill-redis-rhel9@sha256%3A9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770738512"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"product": {
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"product_id": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/certificate-transparency-rhel9@sha256%3A7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770738094"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-database-rhel9@sha256%3A50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770734118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"product": {
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"product_id": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fulcio-rhel9@sha256%3Ac9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770734418"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-logserver-rhel9@sha256%3Ab246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770734118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-logsigner-rhel9@sha256%3Ad0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770734118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-redis-rhel9@sha256%3Ad97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770734118"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-search-ui-rhel9@sha256%3A1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770739056"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-server-rhel9@sha256%3A4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770738512"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"product": {
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"product_id": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/timestamp-authority-rhel9@sha256%3A576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770738273"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64"
},
"product_reference": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64"
},
"product_reference": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64"
},
"product_reference": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool uses the -c option to execute shell commands over the files that match the searched pattern. It sets the shell:true parameter when creating the subprocess that executes the command supplied via the \u0027-c\u0027 option, and this parameter allows shell metacharacters to be used and processed when the command runs. glob does not sanitize filenames to remove such characters and expressions, so during shell expansion they are interpreted as shell commands, leading to code execution.\n\nTo exploit this vulnerability, the targeted system needs to run the glob CLI over a file with a maliciously crafted filename. Additionally, the attacker needs sufficient permission to create such a file, or must trick the user into downloading and processing the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-65945",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-12-04T19:01:14.733682+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418904"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in auth0/node-jws. This vulnerability allows improper signature verification when the HS256 (Hash-based Message Authentication Code using SHA-256) algorithm is used under specific conditions: applications use the jws.createVerify() function for HMAC (Keyed-Hash Message Authentication Code) algorithms and use user-provided data from the JSON (JavaScript Object Notation) Web Signature protected header or payload in HMAC secret lookup routines.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65945"
},
{
"category": "external",
"summary": "RHBZ#2418904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65945"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e",
"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x",
"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x"
}
],
"release_date": "2025-12-04T18:45:37.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-jws: auth0/node-jws: Improper signature verification in HS256 algorithm"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` and do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted sources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-22774",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2026-01-15T19:01:29.258462+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker can exploit this vulnerability by providing specially crafted input to the devalue.parse function. This can cause the application to consume excessive CPU time and memory, leading to a denial of service (DoS) condition. The root cause is an unchecked assumption during typed array hydration, where an ArrayBuffer is expected but not validated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "devalue: devalue: Denial of Service due to excessive resource consumption from untrusted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `devalue` JavaScript library, such as pgAdmin 4, Red Hat Build of Podman Desktop, and Red Hat Trusted Artifact Signer. A remote attacker can exploit this flaw by providing specially crafted input to the `devalue.parse` function, leading to excessive CPU and memory consumption and a denial of service condition.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22774"
},
{
"category": "external",
"summary": "RHBZ#2430095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22774"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4",
"url": "https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/releases/tag/v5.6.2",
"url": "https://github.com/sveltejs/devalue/releases/tag/v5.6.2"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/security/advisories/GHSA-vw5p-8cq8-m7mv",
"url": "https://github.com/sveltejs/devalue/security/advisories/GHSA-vw5p-8cq8-m7mv"
}
],
"release_date": "2026-01-15T18:53:21.963000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "devalue: devalue: Denial of Service due to excessive resource consumption from untrusted input"
},
{
"cve": "CVE-2026-22775",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2026-01-15T20:00:50.600496+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430109"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker could exploit this vulnerability by providing specially crafted input to the `devalue.parse` function. This improper input validation, specifically during the ArrayBuffer hydration process, can cause the application to consume excessive CPU time and memory. This ultimately leads to a denial of service (DoS), making the affected system unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "devalue: devalue: Denial of Service due to improper input validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat. The `devalue` JavaScript library, when used by applications to parse untrusted external input, is susceptible to a denial of service. Specially crafted input to the `devalue.parse` function can lead to excessive CPU and memory consumption, rendering the affected system unavailable. Red Hat products such as Red Hat Build of Podman Desktop and Red Hat Trusted Artifact Signer are affected if they process untrusted data using the vulnerable `devalue.parse` function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22775"
},
{
"category": "external",
"summary": "RHBZ#2430109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22775",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22775"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4",
"url": "https://github.com/sveltejs/devalue/commit/11755849fa0634ae294a15ec0aef2f43efcad7c4"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/releases/tag/v5.6.2",
"url": "https://github.com/sveltejs/devalue/releases/tag/v5.6.2"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/security/advisories/GHSA-g2pg-6438-jwpf",
"url": "https://github.com/sveltejs/devalue/security/advisories/GHSA-g2pg-6438-jwpf"
}
],
"release_date": "2026-01-15T18:59:37.499000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "devalue: devalue: Denial of Service due to improper input validation"
},
{
"cve": "CVE-2026-23745",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-16T23:01:26.508727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430538"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the node-tar library. The flaw allows an attacker to perform arbitrary file overwrite and symlink poisoning by crafting malicious tar archives. This occurs due to insufficient path sanitization of hardlink and symbolic link entries, even when the default secure behavior (preservePaths is false) is enabled.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23745"
},
{
"category": "external",
"summary": "RHBZ#2430538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e",
"url": "https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97"
}
],
"release_date": "2026-01-16T22:00:08.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives"
},
{
"cve": "CVE-2026-23950",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-01-20T02:00:55.870044+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431036"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the `path-reservations` system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially crafted tar archive containing filenames that cause these collisions, bypassing internal concurrency safeguards. Successful exploitation can lead to arbitrary file overwrite.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The `node-tar` library is susceptible to a race condition due to incomplete handling of Unicode path collisions, which can lead to arbitrary file overwrites via symlink poisoning. However, this issue primarily affects case-insensitive or normalization-insensitive filesystems. Red Hat Enterprise Linux and other Red Hat products typically utilize case-sensitive filesystems, which may limit the direct impact of this flaw in default configurations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23950"
},
{
"category": "external",
"summary": "RHBZ#2431036",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431036"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23950"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6",
"url": "https://github.com/isaacs/node-tar/commit/3b1abfae650056edfabcbe0a0df5954d390521e6"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-r6q2-hw4h-h46w"
}
],
"release_date": "2026-01-20T00:40:48.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:44:41+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2926"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:7e70be684d2bc550f1d31b89eadcac24e6385b3578ad29d8bdaa17b260f9dbce_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/fulcio-rhel9@sha256:c9289244939c0fd2737e8768ac089d09d15ca42ea34e2512c13a73c159338ab7_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:9b91bac976cf7c30b15f9a022996142e48711110ecd1c52663504e53dcfdcf09_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:1e3a46ade52215e2c78df9229f36301c94099e8397ee74ab99fb8bd504ce7aa2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:4afca53f27929243177a80a08e1ca77bd8978a50e8e0e7929781bb7b14a85cd2_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:576d4fc358fffe5bedb93eb3fec68b9c040b1d50e6c4c56a3f8d49084c169e4f_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50bc20bb57e8ee31e56637cafccfed2658982d81ca9bf1e71db9de4b82a2be36_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:b246d096ad6d2b19decfa3d87bca9ab2b78000aee28b717c0a33d1202a1b2d6b_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:d0f8b68e55173b010fd381e374f232a40fba6d03282cfd870bd9c12c492e4aec_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:d97e6688aabf25ed1da6a8bf2012efb1772beed49b91456288418f6023a38dac_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition"
}
]
}
RHSA-2026:2927
Vulnerability from csaf_redhat - Published: 2026-02-18 12:52 - Updated: 2026-06-30 08:56

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64 | — | | Vendor Fix fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64 | — | | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.2.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.15, 4.16, 4.17, 4.18 and 4.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2927",
"url": "https://access.redhat.com/errata/RHSA-2026:2927"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2927.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.2.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-06-30T08:56:43+00:00",
"generator": {
"date": "2026-06-30T08:56:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:2927",
"initial_release_date": "2026-02-18T12:52:55+00:00",
"revision_history": [
{
"date": "2026-02-18T12:52:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-18T12:53:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.2",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-operator-bundle@sha256%3A9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770806750"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-rhel9-operator@sha256%3A8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1770806750"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64 as a component of Red Hat Trusted Artifact Signer 1.2",
"product_id": "Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T12:52:55+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.2/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2927"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-operator-bundle@sha256:9e4a194864b8530f442aba5e8300e348dcfa0cb9a5957e1ad9f22474ebd8b343_amd64",
"Red Hat Trusted Artifact Signer 1.2:registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:8d947fa44d86d59d7a6f215db9081d8a47ddbe7587e694e49bf3b533d7420c91_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:2951
Vulnerability from csaf_redhat - Published: 2026-02-18 14:15 - Updated: 2026-06-30 08:56

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64 | — | | Vendor Fix fix |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64 | — | | Vendor Fix fix |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le | — | | Vendor Fix fix |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x | — | | Vendor Fix fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64 | — | ||
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64 | — | ||

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x | — | | Vendor Fix fix Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le | — | | Vendor Fix fix Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64 | — | | Vendor Fix fix Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64 | — | | Vendor Fix fix Workaround |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64 | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64 | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64 | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64 | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64 | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64 | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64 | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x | — | | Workaround |
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64 | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le | — |
Workaround
|
|
| Unresolved product id: OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x | — |
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of OpenShift API for Data Protection (OADP) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2951",
"url": "https://access.redhat.com/errata/RHSA-2026:2951"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47907",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52881",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/backup_and_restore/oadp-application-backup-and-restore",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/backup_and_restore/oadp-application-backup-and-restore"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2951.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift API for Data Protection",
"tracking": {
"current_release_date": "2026-06-30T08:56:43+00:00",
"generator": {
"date": "2026-06-30T08:56:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:2951",
"initial_release_date": "2026-02-18T14:15:26+00:00",
"revision_history": [
{
"date": "2026-02-18T14:15:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-18T14:15:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift API for Data Protection 1.4",
"product": {
"name": "OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift API for Data Protection"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"product_id": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256%3A1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770644762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"product_id": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256%3A940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"product_id": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256%3Adfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770644825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"product_id": "registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-operator-bundle@sha256%3A6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770645852"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"product_id": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256%3A8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256%3Af8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643554"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256%3Ae770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643658"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256%3A85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770645005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256%3Ad4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256%3A89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643210"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"product_id": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256%3Ac0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c?arch=amd64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643612"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"product_id": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256%3A10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770644762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"product_id": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256%3A11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"product_id": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256%3A6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770644825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"product_id": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256%3A1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256%3Adde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643554"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256%3Ad48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643658"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256%3A801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770645005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256%3Ab89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256%3A0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643210"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"product_id": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256%3Aaacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041?arch=arm64\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643612"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"product_id": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256%3Aae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770644762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"product_id": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256%3A74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"product_id": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256%3A7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770644825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x",
"product_id": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256%3Afcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256%3A248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643554"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256%3A04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643658"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256%3A767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770645005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256%3Aa26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256%3A67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643210"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"product_id": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256%3A5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb?arch=s390x\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643612"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256%3A1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770644762"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-mustgather-rhel9@sha256%3A322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643178"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-rhel9-operator@sha256%3Ad7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770644825"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-rhel9@sha256%3Af355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643540"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256%3A58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643554"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256%3A0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643658"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256%3A9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770645005"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256%3A0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643248"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256%3Ae9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643210"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"product": {
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"product_id": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256%3A31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp\u0026tag=1770643612"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64 as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x as a component of OpenShift API for Data Protection 1.4",
"product_id": "OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x"
},
"product_reference": "registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x",
"relates_to_product_reference": "OpenShift API for Data Protection 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked as a Moderate severity issue rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x"
],
"known_not_affected": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T14:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.",
"product_ids": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that, when we write LSM labels, those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64"
],
"known_not_affected": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T14:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.",
"product_ids": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2951"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor nor SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1276b0dbd068fd7888365788e48a4e3a524a4555061801139fd140ed2d89154d_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:1f2396dc7d067a59fdf3ae861aaa6ad8e521baea76ce762ba64ac01113ea0813_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:11965dab871e30639539bb95fbb3efb4512eef8dd7e035bf4de493d38a7d14ed_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:74eecebb47868a381eb3fab89bad5edc5043824b2accd7bf362558f061eadc42_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:940b0800a74e94a0a8d3320b111f9be54223f19f1a36ed2c058a177ce54be35c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-rhel9-operator@sha256:dfd100a754d9acd3ef1c597cad420c72c1066237116caac223706e877926505b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:04f0c52e789500ec2969f7568b804a6e3f6bd8f7658e4d4120542939dfc92c73_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:d48d5d6ab7b94b65c034da7426defab0b80c5afb2a82a891542dc5370eb77768_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:801251f9f0f3a0545e89cc5717d0a093ccff134c464ad8dd8c53e680b8539fba_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:85207a723d9436784a101337de015006794b50ddfa662df81bfaf45518695452_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:9ca9ea6b3e064834ee9f53f5abd107e584fc9ce39b99881e22f89f6b65e75dd0_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:b89c851ba357d6c0a67d2cc95e8346c0108bb88a1954d55aaef3b7fee7a5a82f_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:0eec8730cee2920692e03351235da329f1c9a637fb11b450281e739bd26799cb_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:67716827a43c2e5c74efa0f59962671cd5760f4faaf05d2a2a24106b59bf3719_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:89610642c1a3f9c031b8a4ae3d6c85a496f63ec4fa45861e2692872098f0c8f8_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e9bfe6dd2a805a81f6565f3526159d66060b4dda3ed52addb96e0bdd0454b712_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:248daac88da8f53faccd7d7a81ef32927bf6d6b68f20f700935ae97f37646245_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:58460339a4dd3e4f08c071e45292615124eb719ddeb087d95effcc31b3d9e976_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:dde7862f2e612213e8a74622ce9841a772965b6ef2a4d63826f0287ac5eab998_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-plugin-rhel9@sha256:f8c2f6a89d9e1e02c52ea25d9910614a4900cd0dd0e9ce16b4705165ab170afa_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:5ad378b674ed0135cf732e7acff92ed5ed775144f389f0ef30cc102dac8db6fb_s390x",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:8e6e92ae2473c721657c639bdf336b545d4f1678780e3c8c8f907640c7e8747b_amd64",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:f355805050fa7b75f41d3ddbefebbe54b6ed784f765fccf789ed3c40fb7901bb_ppc64le",
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-velero-rhel9@sha256:fcaf5307d716ee101fbfe6ac10b296448754ce7e2a362a6b038bb201cb961f1f_s390x"
],
"known_not_affected": [
"OpenShift API for Data Protection 1.4:registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-18T14:15:26+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.",
"product_ids": [
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:3035
Vulnerability from csaf_redhat - Published: 2026-02-23 01:30 - Updated: 2026-06-30 08:56

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix), Workaround |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix), Workaround |

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix) |

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64 | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x | — | | Vendor Fix (fix) |
| Unresolved product id: AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64 | — | | Vendor Fix (fix) |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3035",
"url": "https://access.redhat.com/errata/RHSA-2026:3035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3035.json"
}
],
"title": "Red Hat Security Advisory: grafana-pcp security update",
"tracking": {
"current_release_date": "2026-06-30T08:56:44+00:00",
"generator": {
"date": "2026-06-30T08:56:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:3035",
"initial_release_date": "2026-02-23T01:30:21+00:00",
"revision_history": [
{
"date": "2026-02-23T01:30:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T01:30:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-2.el10_1.src",
"product": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.src",
"product_id": "grafana-pcp-0:5.3.0-2.el10_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-2.el10_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"product": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"product_id": "grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-2.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"product": {
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"product_id": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.3.0-2.el10_1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"product_id": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.3.0-2.el10_1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"product": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"product_id": "grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-2.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"product": {
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"product_id": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.3.0-2.el10_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"product": {
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"product_id": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.3.0-2.el10_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-2.el10_1.s390x",
"product": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.s390x",
"product_id": "grafana-pcp-0:5.3.0-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-2.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"product": {
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"product_id": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.3.0-2.el10_1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"product": {
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"product_id": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.3.0-2.el10_1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"product": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"product_id": "grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-2.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64",
"product": {
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64",
"product_id": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.3.0-2.el10_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"product_id": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.3.0-2.el10_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64"
},
"product_reference": "grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le"
},
"product_reference": "grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x"
},
"product_reference": "grafana-pcp-0:5.3.0-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src"
},
"product_reference": "grafana-pcp-0:5.3.0-2.el10_1.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64"
},
"product_reference": "grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le"
},
"product_reference": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x"
},
"product_reference": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64"
},
"product_reference": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le"
},
"product_reference": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x"
},
"product_reference": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
},
"product_reference": "grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T01:30:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3035"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T01:30:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3035"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T01:30:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3035"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.src",
"AppStream-10.1.Z:grafana-pcp-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debuginfo-0:5.3.0-2.el10_1.x86_64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.aarch64",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.ppc64le",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.s390x",
"AppStream-10.1.Z:grafana-pcp-debugsource-0:5.3.0-2.el10_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3040
Vulnerability from csaf_redhat - Published: 2026-02-23 02:14 - Updated: 2026-06-30 08:56

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix, Workaround |

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix |

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64 | — | | Vendor Fix |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\n* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3040",
"url": "https://access.redhat.com/errata/RHSA-2026:3040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3040.json"
}
],
"title": "Red Hat Security Advisory: grafana-pcp security update",
"tracking": {
"current_release_date": "2026-06-30T08:56:44+00:00",
"generator": {
"date": "2026-06-30T08:56:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:3040",
"initial_release_date": "2026-02-23T02:14:35+00:00",
"revision_history": [
{
"date": "2026-02-23T02:14:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T02:14:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-12.el9_7.src",
"product": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.src",
"product_id": "grafana-pcp-0:5.1.1-12.el9_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-12.el9_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"product": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"product_id": "grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-12.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"product_id": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-12.el9_7?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-12.el9_7?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"product": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"product_id": "grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-12.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"product_id": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-12.el9_7?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-12.el9_7?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"product": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"product_id": "grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-12.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64",
"product_id": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-12.el9_7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-12.el9_7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-12.el9_7.s390x",
"product": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.s390x",
"product_id": "grafana-pcp-0:5.1.1-12.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-12.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"product_id": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-12.el9_7?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-12.el9_7?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64"
},
"product_reference": "grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le"
},
"product_reference": "grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x"
},
"product_reference": "grafana-pcp-0:5.1.1-12.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src"
},
"product_reference": "grafana-pcp-0:5.1.1-12.el9_7.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-12.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64"
},
"product_reference": "grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T02:14:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3040"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T02:14:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3040"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T02:14:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3040"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.src",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debuginfo-0:5.1.1-12.el9_7.x86_64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.aarch64",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.ppc64le",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.s390x",
"AppStream-9.7.0.Z.MAIN:grafana-pcp-debugsource-0:5.1.1-12.el9_7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
}
]
}
RHSA-2026:3053
Vulnerability from csaf_redhat - Published: 2026-02-23 06:47 - Updated: 2026-06-30 08:56
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.src | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.s390x | — | | Vendor Fix |
| Unresolved product id: AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for butane is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3053",
"url": "https://access.redhat.com/errata/RHSA-2026:3053"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3053.json"
}
],
"title": "Red Hat Security Advisory: butane security update",
"tracking": {
"current_release_date": "2026-06-30T08:56:44+00:00",
"generator": {
"date": "2026-06-30T08:56:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:3053",
"initial_release_date": "2026-02-23T06:47:46+00:00",
"revision_history": [
{
"date": "2026-02-23T06:47:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T06:47:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.20.0-1.el9_4.1.src",
"product": {
"name": "butane-0:0.20.0-1.el9_4.1.src",
"product_id": "butane-0:0.20.0-1.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.20.0-1.el9_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.20.0-1.el9_4.1.aarch64",
"product": {
"name": "butane-0:0.20.0-1.el9_4.1.aarch64",
"product_id": "butane-0:0.20.0-1.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.20.0-1.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.aarch64",
"product": {
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.aarch64",
"product_id": "butane-debugsource-0:0.20.0-1.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debugsource@0.20.0-1.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64",
"product": {
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64",
"product_id": "butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debuginfo@0.20.0-1.el9_4.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.20.0-1.el9_4.1.ppc64le",
"product": {
"name": "butane-0:0.20.0-1.el9_4.1.ppc64le",
"product_id": "butane-0:0.20.0-1.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.20.0-1.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le",
"product": {
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le",
"product_id": "butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debugsource@0.20.0-1.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le",
"product": {
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le",
"product_id": "butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debuginfo@0.20.0-1.el9_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.20.0-1.el9_4.1.x86_64",
"product": {
"name": "butane-0:0.20.0-1.el9_4.1.x86_64",
"product_id": "butane-0:0.20.0-1.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.20.0-1.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.x86_64",
"product": {
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.x86_64",
"product_id": "butane-debugsource-0:0.20.0-1.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debugsource@0.20.0-1.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64",
"product": {
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64",
"product_id": "butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debuginfo@0.20.0-1.el9_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "butane-0:0.20.0-1.el9_4.1.s390x",
"product": {
"name": "butane-0:0.20.0-1.el9_4.1.s390x",
"product_id": "butane-0:0.20.0-1.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane@0.20.0-1.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.s390x",
"product": {
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.s390x",
"product_id": "butane-debugsource-0:0.20.0-1.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debugsource@0.20.0-1.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.s390x",
"product": {
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.s390x",
"product_id": "butane-debuginfo-0:0.20.0-1.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/butane-debuginfo@0.20.0-1.el9_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.20.0-1.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.aarch64"
},
"product_reference": "butane-0:0.20.0-1.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.20.0-1.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.ppc64le"
},
"product_reference": "butane-0:0.20.0-1.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.20.0-1.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.s390x"
},
"product_reference": "butane-0:0.20.0-1.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.20.0-1.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.src"
},
"product_reference": "butane-0:0.20.0-1.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-0:0.20.0-1.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.x86_64"
},
"product_reference": "butane-0:0.20.0-1.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64"
},
"product_reference": "butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le"
},
"product_reference": "butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.s390x"
},
"product_reference": "butane-debuginfo-0:0.20.0-1.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64"
},
"product_reference": "butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.aarch64"
},
"product_reference": "butane-debugsource-0:0.20.0-1.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le"
},
"product_reference": "butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.s390x"
},
"product_reference": "butane-debugsource-0:0.20.0-1.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "butane-debugsource-0:0.20.0-1.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.x86_64"
},
"product_reference": "butane-debugsource-0:0.20.0-1.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T06:47:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3053"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:butane-0:0.20.0-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-debuginfo-0:0.20.0-1.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:butane-debugsource-0:0.20.0-1.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:3087
Vulnerability from csaf_redhat - Published: 2026-02-23 13:35 - Updated: 2026-06-30 08:56
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64 | — | Vendor Fix / fix / Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64 | — | Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64 | — | Vendor Fix / fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64 | — |
A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64 | — | Vendor Fix / fix |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64 | — |
A cross-site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64 | — | Vendor Fix / fix / Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64 | — | Workaround |
A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64 | — | Vendor Fix / fix / Workaround |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64 | — | Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19 and 4.20",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3087",
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66564",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3087.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-06-30T08:56:45+00:00",
"generator": {
"date": "2026-06-30T08:56:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:3087",
"initial_release_date": "2026-02-23T13:35:49+00:00",
"revision_history": [
{
"date": "2026-02-23T13:35:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T13:37:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-console-rhel9@sha256%3A9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1771324865"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-console-ui-rhel9@sha256%3Ae7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1771324807"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-66564",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:11.786030+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66564"
},
{
"category": "external",
"summary": "RHBZ#2419054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66564",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66564"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421",
"url": "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421"
},
{
"category": "external",
"summary": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh",
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh"
}
],
"release_date": "2025-12-04T22:37:13.307000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing"
},
{
"cve": "CVE-2026-22029",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-01-10T04:01:03.694749+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428412"
}
],
"notes": [
{
"category": "description",
"text": "A cross site scripting flaw has been discovered in the npm react-router and @remix-run/router packages. React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22029"
},
{
"category": "external",
"summary": "RHBZ#2428412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
},
{
"category": "external",
"summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
}
],
"release_date": "2026-01-10T02:42:32.736000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T13:35:49+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3087"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:9178c9d48b3e6ac76f4f74b7bb60f450a5076de937ee8843e19cf4749449ecd8_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:e7ee88dd498d337304db3d90f4f352e55114475dbc9d75c3b18a49a249492b1e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
RHSA-2026:3104
Vulnerability from csaf_redhat - Published: 2026-02-23 17:13 - Updated: 2026-06-30 08:56

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64 | — | ||

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.8\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.8, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* OCSP Memory Leak Check BSSL-Compatability\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729)\n\n* istio-pilot-rhel9: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729)\n\n* istio-cni-rhel9: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3104",
"url": "https://access.redhat.com/errata/RHSA-2026:3104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3104.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.8",
"tracking": {
"current_release_date": "2026-06-30T08:56:45+00:00",
"generator": {
"date": "2026-06-30T08:56:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:3104",
"initial_release_date": "2026-02-23T17:13:34+00:00",
"revision_history": [
{
"date": "2026-02-23T17:13:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:13:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.0",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3Acabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771442547"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771440013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Adb1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Abbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1771400718"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771440013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ad0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ab31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1771400718"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Afac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771440013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Af21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1771400718"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351524"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351457"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Af0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771440013"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ac98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771351196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771385779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1771400718"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64 as a component of Red Hat OpenShift Service Mesh 3.0",
"product_id": "Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:13:34+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.8 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3104"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:93733d74082e71886c078abe4b13f9511baf892487cd047fa1194e81235dd0c2_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b31a992d24c061f3ef641c23c1cbc715e3ba47649abaad14946e294b844d4b0c_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:bbc1f68df6fb8fd125de60890a3a2da15484deccb3734a956a035239f277e748_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:f21c48fbe4d232dbf4126b9bf8a2a9f23e160ba1c7e4ce7dc44f670ed7286535_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:04ee0f5c0ec52b7ab6f08b6b1822a37e0c8d33223db7622596b382f193b2dc1a_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:58db4bad90faf8ddb6cfe1ade015b99e895b6ff0e8a34a41d73ea73a443b3798_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:5ccb207f8113371dde03fd696184b1097f98b8e44d350d58185f1de38ac0433a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:953940e5ca9c59102fb7858dfbd6a96c413e95301311352291f01d3eee04ee25_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:0376b2f571b2d8d63ef4fade1647f3f03f93ae07336f94eeb178a531f79690fc_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:16d23500d079d22f20c2f2893f7a628d16d81c3745a08eb0eb3186019d74a270_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:74bae4db5a733b38d51a687043624137a0712a067b347b7a2959f20281f0b7fe_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:7bf281070ecb889c6ef9f3b5fc1ed0c3c85d0f7012f5b5c81db15b3d77f5d5f9_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:354b013cd8c32b21f1a21e6e3ca299ae13af1feca1ca18011ad97faf82a7a0a2_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:c98ca4e130a9f3fe586c50dad3fc9dc9274826df0245be49e28cc27e04cbda4c_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d0cffeb4ea0bd432875f898a8efbe4a2041e821c07cd6bb831034f4aa762a6aa_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:db1399d0d45e9c1410b952c4f8455e4a78804e9cca38403b6fbee79e179f846a_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:03c1d2e133063c8b4b9a4b85d54e45e31be2c295df810b5d394aafa155a865ad_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:176411bb560438a48d9b4f947234a4534dc6eb578266c15b8f4f7121772f5dbb_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:7bbc843f5ee425fb402b8d7acc4945800f7cd65500782e000b37cf739efac2ab_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d975bd999a82768a83a615c091773a454bc176b9abf29e8dd6a78f1d31229cc4_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4dbb50590ed71739ce49d21ccaae1004141ea921865a0b760964bfd0af90c0a7_amd64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:86754d61c4efc86a47e5c9c92374c6e22b38f683161f649a33c559a479622475_arm64",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f0bd8f3c243f1dcfbe5479d98920b7942df5885c7d673099aceb778d07f2464d_s390x",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fac90e5bc90010884d8a08d1c6d6efc1bc2b4db4a6529801e46b93bf313c7a97_ppc64le",
"Red Hat OpenShift Service Mesh 3.0:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:cabc0e4b56994a3c4796b6ed11994480f45e65a084de13c015939b28c602df41_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
}
]
}
RHSA-2026:3107
Vulnerability from csaf_redhat - Published: 2026-02-23 17:16 - Updated: 2026-06-30 08:56
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64 | — | | Vendor Fix |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le | — | | Vendor Fix |

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x | — | | |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64 | — | | |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le | — | | |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64 | — | | |

A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64 | — | | Vendor Fix, Workaround |
| Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le | — | | Vendor Fix, Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.27, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel8: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel8: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel8: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3107",
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61729",
"url": "https://access.redhat.com/security/cve/cve-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25639",
"url": "https://access.redhat.com/security/cve/cve-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3107.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-06-30T08:56:45+00:00",
"generator": {
"date": "2026-06-30T08:56:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.0"
}
},
"id": "RHSA-2026:3107",
"initial_release_date": "2026-02-23T17:16:07+00:00",
"revision_history": [
{
"date": "2026-02-23T17:16:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:16:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-30T08:56:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Afcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Ae2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ae3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:16:07+00:00",
"details": "See Kiali 1.73.27 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. The mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:16:07+00:00",
"details": "See Kiali 1.73.27 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.